Menu
Reply
Highlighted
  • 17
  • 0
  • 1
Tuning in
805 Views
Message 1 of 14
Flag for a moderator

Outgoing SMTP failing - VM305

Like others on here, I'm suddenly unable to send email via SMTP.

I've enabled logging on Thunderbird. Extract below.

0[5311140]: SMTP: login failed: failed C00, current 0
0[5311140]: SMTP Connecting to: smtp.virginmedia.com
0[5311140]: SMTP entering state: 0
0[5311140]: SMTP Response: 220 know-smtprelay-6-imp cmsmtp ESMTP server ready
0[5311140]: SMTP entering state: 14
0[5311140]: SMTP Send: EHLO [192.168.0.8]

0[5311140]: SMTP entering state: 0
0[5311140]: SMTP Response: 250-know-smtprelay-6-imp hello [removed], pleased to meet you
0[5311140]: SMTP entering state: 0
0[5311140]: SMTP Response: 250-HELP
0[5311140]: SMTP entering state: 0
0[5311140]: SMTP Response: 250-AUTH LOGIN PLAIN
0[5311140]: SMTP entering state: 0
0[5311140]: SMTP Response: 250-SIZE 52000000
0[5311140]: SMTP entering state: 0
0[5311140]: SMTP Response: 250-ENHANCEDSTATUSCODES
0[5311140]: SMTP entering state: 0
0[5311140]: SMTP Response: 250-PIPELINING
0[5311140]: SMTP entering state: 0
0[5311140]: SMTP Response: 250-8BITMIME
0[5311140]: SMTP entering state: 0
0[5311140]: SMTP Response: 250 OK
0[5311140]: SMTP entering state: 4
0[5311140]: SMTP entering state: 21
0[5311140]: SMTP auth: server caps 0x20310, pref 0x300, failed 0x0, avail caps 0x300
0[5311140]: (GSSAPI = 0x800, CRAM = 0x2000, NTLM = 0x4000, MSN =  0x8000, PLAIN = 0x200, LOGIN = 0x100, EXTERNAL = 0x400)
0[5311140]: trying auth method 0x200
0[5311140]: SMTP entering state: 16
0[5311140]: SMTP AuthLoginStep1() for myusername@ntlworld.com@removed
0[5311140]: PLAIN auth
0[5311140]: Logging suppressed for this command (it probably contained authentication information)
0[5311140]: SMTP entering state: 0
0[5311140]: SMTP Response: 525 5.7.13 Authentication Denied (VM305)
0[5311140]: SMTP entering state: 18
0[5311140]: SMTP Login response, code 525
0[5311140]: marking auth method 0x200 failed
0[5311140]: SMTP auth: server caps 0x20310, pref 0x300, failed 0x200, avail caps 0x100
0[5311140]: (GSSAPI = 0x800, CRAM = 0x2000, NTLM = 0x4000, MSN =  0x8000, PLAIN = 0x200, LOGIN = 0x100, EXTERNAL = 0x400)
0[5311140]: trying auth method 0x100
0[5311140]: SMTP: login failed: failed 200, current 100
0[5311140]: SMTP entering state: 21
0[5311140]: SMTP auth: server caps 0x20310, pref 0x300, failed 0x200, avail caps 0x100
0[5311140]: (GSSAPI = 0x800, CRAM = 0x2000, NTLM = 0x4000, MSN =  0x8000, PLAIN = 0x200, LOGIN = 0x100, EXTERNAL = 0x400)
0[5311140]: trying auth method 0x100
0[5311140]: SMTP entering state: 15
0[5311140]: SMTP: MSN or LOGIN auth, step 0
0[5311140]: SMTP Send: AUTH LOGIN

0[5311140]: SMTP connection dropped after 258 total bytes read
0[5311140]: SMTP Login response, code 525
0[5311140]: marking auth method 0x100 failed
0[5311140]: SMTP auth: server caps 0x20311, pref 0x300, failed 0x300, avail caps 0x0
0[5311140]: (GSSAPI = 0x800, CRAM = 0x2000, NTLM = 0x4000, MSN =  0x8000, PLAIN = 0x200, LOGIN = 0x100, EXTERNAL = 0x400)
0[5311140]: no auth method remaining
0[5311140]: SMTP: ask user what to do (after login failed): new password, retry or cancel
0[5311140]: cancel button pressed


I followed the links to abuseat.org. It says my IP hasn't been appeared in the past 28 days.
I followed the links to spamhaus.
It says my IP is listed in the SBL and the PBL.
I contacted them, and they said that they'd seen spam behaviour at 7am on Sunday morning.
Which is a neat trick, as I was sound asleep at that time, with my Win 10 laptop switched off.

I've scanned my laptop using MalwareBytes, and found a potentially unwanted program in Chrome from videodownloader ask.com. Which doesn't sound like anything spam-capable - but I've cleared that.

I've scanned my Android phone with Malwarebytes - clean.

My Thunderbird outgoing email settings haven't changed in a couple of years.

smtp.virginmedia.com
port 465
Security = SLS/TLS
Authentication method = Normal password
Username = my ntlworld email address

For lack of anything better, I changed it to @VirginMedia.com - no dice.

All advice gratefully received.

Thanks,
Gerard

 

[MOD EDIT: Personal and private information has been removed from this post. Please do not post personal or private information in your public posts. Please review the Forum Guidelines]

0 Kudos
Reply
Highlighted
  • 3.91K
  • 707
  • 1.02K
Very Insightful Person
Very Insightful Person
760 Views
Message 2 of 14
Flag for a moderator

Re: Outgoing SMTP failing - VM305

Hello

If you login into webmail do you get the same problem, webmail can be logged in at https://mail2.virginmedia.com/

Regards Mike

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

0 Kudos
Reply
Highlighted
  • 17
  • 0
  • 1
Tuning in
754 Views
Message 3 of 14
Flag for a moderator

Re: Outgoing SMTP failing - VM305

In tried and tested "typical!" fashion, I can now send from Thunderbird without any issue after 2 days of being unable to.
I can only assume whatever block was being imposed has now been lifted.


Thanks for getting back to me, though.

Gerard

0 Kudos
Reply
Highlighted
  • 17
  • 0
  • 1
Tuning in
631 Views
Message 4 of 14
Flag for a moderator

Re: Outgoing SMTP failing - VM305

Urgh - it's happened again today.
525 5.7.13 Authentication Denied (VM305)
Sending emails via Webmail works fine.

I've submitted another entry to Spamhaus.
All devices in the house pass malwarebytes.

 

0 Kudos
Reply
Highlighted
  • 1.15K
  • 166
  • 561
Very Insightful Person
Very Insightful Person
621 Views
Message 5 of 14
Flag for a moderator

Re: Outgoing SMTP failing - VM305

As you have discovered, your public IP address has been listed on Spamhaus' CSS list and as such Virgin Media's mail system will actively block you from connecting - as far as I am aware, being included on the CSS list is the one and only cause of the VM305 message.

So think carefully, how many devices do you actually have on your network, any Amazon Firesticks, Chromecasts, Android TV boxes? All of these are potential hosts for malware and the source of the spam messages being sent out which got you on the list - and until you identify and remove the source you will keep being re-added to the block list.

So for a start you need to read through this post (and at first glance it might look daunting and too technical but it's not as bad as it seems and there is plenty of help available here)

https://community.virginmedia.com/t5/Security-matters/Searching-for-Spambots-on-your-network/m-p/408...

Malwarebytes is very good, I often recommend it myself, but it's not perfect and it's by no means definite that the infected device is your PC or phone anyway,  so we'll just have to do this the long way.

John

Highlighted
  • 76
  • 1
  • 36
Dialled in
613 Views
Message 6 of 14
Flag for a moderator

Re: Outgoing SMTP failing - VM305

It happened to us 3 weeks ago and, after following Ravenstar68's instructions, we finally found out the culprits were a Firestick and a Sony Android TV.  We couldn't check them out with Malwarebytes (or Kaspersky Total Security which we use on our laptops and phones) but the output from the Wireshark monitoring firmly pointed out their guilt.   Since resetting them back to factory settings we've had no more IP blacklisting and running Wireshark periodically has also shown us that no more spam emails are being sent through Port 25. 

Highlighted
  • 17
  • 0
  • 1
Tuning in
574 Views
Message 7 of 14
Flag for a moderator

Re: Outgoing SMTP failing - VM305

Spamhaus have reported that the last spam was sent at 6am yesterday.
Which points to it being a phone, firestick or pi. Rather than either of the wired PCs or the smart TVs.

I've followed the Wireshark instructions with all of these connected to the hotspot for 4-5 hours - nothing found.
I confirmed it's listening by installing a telnet app on the devices and hitting blueyonder's smtp on 25 as in the instructions.

As soon as I exit that, it reverts to no hits.

Is there any way VM can offer some assistance in perhaps listing additional information on the outgoing packets that are being seen?

0 Kudos
Reply
Highlighted
  • 17
  • 0
  • 1
Tuning in
554 Views
Message 8 of 14
Flag for a moderator

Re: Outgoing SMTP failing - VM305

Possible progress of sorts?

I'd put my phone on the Wireshark laptop first, leaving it there for most of the day.
Not a sausage.

I've just fired up my GMail app - I'd not been using it because I'm on my laptop, and Wireshark has started recording port 25 hits.. .Except neither of the settings for my 2 accounts (Virgin and Yahoo) are using port 25. I've saved the results file, if it'll help? It was showing port xxx -> 25 (xxxx being a 4 digit code - I can't get near the monitoring laptop just now)

I've scanned my phone (again) with Malwarebytes, Play Protect and Kapersky - nothing.

So I've uninstalled the GMail app, and will try something like Outlook... See how that goes.

0 Kudos
Reply
Highlighted
  • 18.33K
  • 1.05K
  • 7.88K
Very Insightful Person
Very Insightful Person
548 Views
Message 9 of 14
Flag for a moderator

Re: Outgoing SMTP failing - VM305

If I drop you a PM with my email would you be able to send me the pcap file?

I rather suspect though that you're blaming the wrong thing here.

Tim

PS - the XXXX isn't a code.  It's the local port that your device is using.  replies come back the other way 25 -> xxxx

With regard to your other query.  If Virgin Media was able to tell you anything else about the packets - I wouldn't have had to come up with the post I did.

Tim

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

Highlighted
  • 17
  • 0
  • 1
Tuning in
539 Views
Message 10 of 14
Flag for a moderator

Re: Outgoing SMTP failing - VM305

Yep, I'm happy to send the PCAP along.

Even if it's just to prove a false positive, as you suspect.

Many thanks for the offer!

Gerard

0 Kudos
Reply