on 10-10-2022 16:45
For two days now have had VM outgoing server offline to me but only on one of several networked machines. All other routes servers and computers working. Problem machine is a recent Mac M1 mini, Monterey, and Intego virus and net barrier in good order, using Mail for e-mail.
After two days searching I have found the terminal curl command and discovered I have VM305 report leading to me being black listed on Spamhaus blocklist.
I have reset and checked everything and can see no unusual packets leaving the ports. I am using an airport extreme as the router and VM Hub 3 as a modem. One aspect is I cannot see how to close Port 25 as an output, as Spamhaus request.
One report that may help is the response to the curl command that came back with the following final use helo values (redacted): 'my public IP' 'time' mail-pal-f230.google.com which is not virgin related!
Full virus etc scan reveals nothing. The whole thing is a mystery and beyond my tech knowledge.
Spamhaus asks that all requests for unblocking come from the ISP. Can you advise and help?
Answered! Go to Answer
on 19-10-2022 19:01
@mikebrg The post that Ravenstar68 is referring to can be found here:
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media, I'm a VM customer. There are no guarantees that my advice will work. Please read the FAQs
Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks
on 10-10-2022 19:25
The first few posts in this thread https://community.virginmedia.com/t5/Forum-Archive/525-5-7-13-Authentication-Denied-VM305/td-p/43813... may give you a clue as to why you have this issue, and a method to resolve it.
on 10-10-2022 20:19
You don’t happen to be using a VPN by any chance do you?
on 10-10-2022 20:36
VPN? Not on the main machine - the mini - that I believe is causing the problem.
Curiously I have a Norton vpn on the iPhone and this is still sending mail Ok to the VM server. Another new mac has the same vpn but it has been isolated since it all started.
I am trying to get to grips with Wireshark but the ports seem to be very quiet but I am rather a novice on it. I am struggling with Sololobos's suggestion as I had read all of the thread and could not see what to do. Should I just ask Spamhaus to remove my IP from the list, even though they ask that the ISP does it?
From the curl error report timing, it seems it all went bang on Friday night at 11pm. By coincidence, I had a large crash on my Contacts (address book) entries and had to delete all the contacts and then restore them from the iCloud. This is all back in working order now but is it possible that this exercise upset the spam monitors that seem to abound, leading to my placement on the list?
Thanks for the suggestions but I am not getting there! New password on the account did no good.
Mike
on 11-10-2022 20:40
Hi @mikebrg,
Welcome to our Community Forums and thanks for your post.
Have you been able to take a look at the thread shared by sololobo to see if there's anything there that may explain this?
on 11-10-2022 20:59
Yes, I have read it all again but now need to request removal from the SBL. I may try request to them myself but it does ask for my ISP (you guys) to request it.
I have struggled to understand HELO analysis and even worse, how to use Wireshark. I cannot get a HELO response as the VM server will not accept anything from me. I am an ordinary user and just want to send some emails! Wireshark indicates very little activity on my network going out when Mail is closed. Say a packet every 30 seconds. To eliminate any spambots I have run Intego virus barrier and also clamXAV. The latter found two old suspects, now removed (mackeeper and FKCodec).
The other suggestion asking about a VPN made me look at my system again. This morning, I tried to send email out from another new mac connected to the same mac router going to the same server It has a Norton VPN installed and for a few hours, it did work properly. I noticed that the external IP address was different if I used the VPN (an Amazonaws server responded) to when I switched it off (to get the usual Virgin media server in Guildford, where I live - the same as my main machine uses). By this afternoon, all contact with any Virgin outgoing server was lost on both machines even with a VPN and to make things worse, I am now appearing on more blacklists. I am not aware of any spamming or incorrect settings as I have checked them all.
I phoned 150 this evening for help and someone will come back to me in 5 days. If anyone has any other suggestions, I shall be eternally grateful.
Mike
on 13-10-2022 08:29
Hi Mike,
Thank you for coming back to us. Sorry to hear that you are experiencing this issue. I just want to clarify a few things so we can offer support to the best of our ability.
If you can please let us know the following:
1) Is the issue still isolated to one device? (The Mac 1 mini).
2) You have mentioned using a VPN - is the issue occurring when you are not using a VPN?
3) You mentioned that the device you are using is Networked. Does the issue occur when the device is not networked?
4) Is the issue isolated to just being able to send emails?
Having had a look on our systems I cannot see any issues at the exchange which would be contributing to this issue, and we are unable to communicate with your hub as you are using 3rd party networking equipment.
If you would like us to run further testing on the hub we will need you to disconnect any 3rd party networking equipment, and have the hub in router mode so we can offer further support.
Let us know! We can then offer further support.
All the best.
on 13-10-2022 10:34
Hi Molly-T
Thanks for the ideas and response. It makes great sense to isolate the issues and just connect my suspect mac mini to your hub in router mode. I wish I had thought of it! I will do this today and pet you know the outcome of all the tests I can do and then report the results to you.
Is it safe for me to put my external IP addresses on this board when I get the reports back?
Mike
on 13-10-2022 15:14
Hi Molly-T
All the following relates to one mac mini connected by cable to Virgin Hub 3, using Mail to connect an NTL e-mail account using virginmedia servers. I have switched off all other accounts and wifi devices in the house so just an en(0) connection in use.
Intego net barrier and virus checker is on, as normal, but there is no VPN on the system described.
Basically I still cannot connect the VM outgoing mail server. I get the usual error message about connection failed and so then go down the pathways to investigate. Mail is still coming in, fortunately, so I have an incoming server connection. I should mention that during my attempts to get out off trouble, I reset the mail account password. i regret this now as I have half my machines using the old password and I think this one using the new one. In any event, I am having to try everything with both passwords for now as I cannot authenticate the account login, for obvious reasons.
I have looked at four different things and this is what I get:
1] Hub 3 reports: wifi working and one computer connected by ethernet wire. I agree. Run the hub broadband diagnostic tool and it reports that there is an intermittent signal on my connection. It then reports that I am not connected to the internet but I most surely am as all other websites are working perfectly. There is a steady green bar on the hub. So move on to next test.
2] Search with 'whatismyIPaddress.com' to get slightly different IP address now for the virgin router. It is still a local (Guildford) server. Click through to blocklist and find, as before, the IP is listed on two of the sorbs.net listings.
3]Run the curl etc command in Terminal. Using new password - get different error message VM300. Auth credentials Invalid. Login denied. Using old password - get different message that ends as follows: 'smtp 350 Auth successful for 'me'. Connection hash0 to host smtp.virginmedia.com left intact'.
4] mac Mail info and settings. Settings for the account reports that the outgoing server is offline though it sometimes starts up saying it is connected but after 30 secs, I get the 'offline' addendum. Outgoing mail just bounces back, asking me to check my settings..... I have set up logging using the Mail facility and can see from the Connection Doctor (in Mail) that the incoming server is connected but the outgoing is not. All consistent. Let me know if the connection logs are of any use to you, and how to send them. I can capture them on Word, for example.
I look forward to hearing what to do next. Unfortunately i cannot leave the computer linked to the Virgin Hub for extended periods for family reasons and need to reset the house back to the network most of the time. I can connect it in this test mode if we can arrange set window of time. Pls advise.
Mike
14-10-2022 05:23 - edited 14-10-2022 05:23
Spamhaus have multiple lists, the one of concern is the SBL (Spam Block List), You should be on their PBL by design as ALL residential connections should be on this.
The idea of my post was to find a way of using Wireshark to look for traffic heading for port 25, First on the PC it was installed on, and then using the Wireless Hotspot feature of Windows to effectively turn that machine into a mini router and then connect any Wireless devices via that in order to find the culprit
The filter I provided was to ensure that the ONLY traffic you see is that bound for port 25 as no email provider uses these settings, VM allow it on their legacy domains, but if you are using those - you should be updating your settings anyway.
After that, if you are seeing such traffic, then it's up to you to figure out which device is generating it and take steps accordingly.
We have seen Firesticks using unauthorised add ons be used by spammers to send their mail, also be aware that if anyone is using HOLA FREE VPN then they may unwittingly be allowing their devices to send spam, as HOLA is not a typical VPN, If anyone in your household is using this, it should be deleted immediately.
Tim
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks