VPN? Not on the main machine - the mini - that I believe is causing the problem. 

Curiously I have a Norton vpn on the iPhone and this is still sending mail Ok to the VM server. Another new mac has the same vpn but it has been isolated since it all started.

I am trying to get to grips with Wireshark but the ports seem to be very quiet but I am rather a novice on it. I am struggling with Sololobos's suggestion as I had read all of the thread and could not see what to do. Should I just ask Spamhaus to remove my IP from the list, even though they ask that the ISP does it?

From the curl error report timing, it seems it all went bang on Friday night at 11pm. By coincidence, I had a large crash on my Contacts (address book) entries and had to delete all the contacts and then restore them from the iCloud. This is all back in working order now but is it possible that this exercise upset the spam monitors that seem to abound, leading to my placement on the list? 

Thanks for the suggestions but I am not getting there! New password on the account did no good.

Mike

Hi @mikebrg, 

Welcome to our Community Forums and thanks for your post.

Have you been able to take a look at the thread shared by sololobo to see if there's anything there that may explain this?

Yes, I have read it all again but now need to request removal from the SBL. I may try request to them myself but it does ask for my ISP (you guys) to request it.

I have struggled to understand HELO analysis and even worse, how to use Wireshark. I cannot get a HELO response as the VM server will not accept anything from me. I am an ordinary user and just want to send some emails! Wireshark indicates very little activity on my network going out when Mail is closed. Say a packet every 30 seconds. To eliminate any spambots I have run Intego virus barrier and also clamXAV. The latter found two old suspects, now removed (mackeeper and FKCodec).

The other suggestion asking about a VPN made me look at my system again. This morning, I tried to send email out from another new mac connected to the same mac router going to the same server It has a Norton VPN installed and for a few hours, it did work properly. I noticed that the external IP address was different if I used the VPN (an Amazonaws server responded) to when I switched it off (to get the usual Virgin media server in Guildford, where I live - the same as my main machine uses). By this afternoon, all contact with any Virgin outgoing server was lost on both machines even with a VPN and to make things worse, I am now appearing on more blacklists. I am not aware of any spamming or incorrect settings as I have checked them all. 

I phoned 150 this evening for help and someone will come back to me in 5 days. If anyone has any other suggestions, I shall be eternally grateful.

Mike

Hi Mike, 

Thank you for coming back to us. Sorry to hear that you are experiencing this issue. I just want to clarify a few things so we can offer support to the best of our ability.

 If you can please let us know the following:

1) Is the issue still isolated to one device? (The Mac 1 mini). 

2) You have mentioned using a VPN - is the issue occurring when you are not using a VPN?

3) You mentioned that the device you are using is Networked. Does the issue occur when the device is not networked?

4) Is the issue isolated to just being able to send emails? 

Having had a look on our systems I cannot see any issues at the exchange which would be contributing to this issue, and we are unable to communicate with your hub as you are using 3rd party networking equipment. 

If you would like us to run further testing on the hub we will need you to disconnect any 3rd party networking equipment, and have the hub in router mode so we can offer further support. 
Let us know! We can then offer further support. 

All the best. 

Hi Molly-T

Thanks for the ideas and response. It makes great sense to isolate the issues and just connect my suspect mac mini to your hub in router mode. I wish I had thought of it!  I will do this today and pet you know the outcome of all the tests I can do and then report the results to you.

Is it safe for me to put my external IP addresses on this board when I get the reports back?

Mike

Hi Molly-T

All the following relates to one mac mini connected by cable to Virgin Hub 3, using Mail to connect an NTL e-mail account using virginmedia servers. I have switched off all other accounts and wifi devices in the house so just an en(0) connection in use.

Intego net barrier and virus checker is on, as normal, but there is no VPN on the system described.

Basically I still cannot connect the VM outgoing mail server. I get the usual error message about connection failed and so then go down the pathways to investigate. Mail is still coming in, fortunately, so I have an incoming server connection. I should mention that during my attempts to get out off trouble, I reset the mail account password. i regret this now as I have half my machines using the old password and I think this one using the new one. In any event, I am having to try everything with both passwords for now as I cannot authenticate the account login, for obvious reasons.

I have looked at four different things and this is what I get:

1] Hub 3 reports: wifi working and one computer connected by ethernet wire. I agree. Run the hub broadband diagnostic tool and it reports that there is an intermittent signal on my connection. It then reports that I am not connected to the internet but I most surely am as all other websites are working perfectly. There is a steady green bar on the hub. So move on to next test.

2] Search with 'whatismyIPaddress.com' to get slightly different IP address now for the virgin router. It is still a local (Guildford) server. Click through to blocklist and find, as before, the IP is listed on two of the sorbs.net listings.

3]Run the curl etc command in Terminal. Using new password - get different error message VM300. Auth credentials Invalid. Login denied. Using old password - get different message that ends as follows: 'smtp 350 Auth successful for 'me'. Connection hash0 to host smtp.virginmedia.com left intact'.

4] mac Mail info and settings. Settings for the account reports that the outgoing server is offline though it sometimes starts up saying it is connected but after 30 secs, I get the 'offline' addendum. Outgoing mail just bounces back, asking me to check my settings.....   I have set up logging using the Mail facility and can see from the Connection Doctor (in Mail) that the incoming server is connected but the outgoing is not. All consistent. Let me know if the connection logs are of any use to you, and how to send them. I can capture them on Word, for example.

I look forward to hearing what to do next. Unfortunately i cannot leave the computer linked to the Virgin Hub for extended periods for family reasons and need to reset the house back to the network most of the time. I can connect it in this test mode if we can arrange set window of time. Pls advise.

Mike

@mikebrg 

Spamhaus have multiple lists, the one of concern is the SBL (Spam Block List), You should be on their PBL by design as ALL residential connections should be on this.

1. If your public IP address is on the SBL - it is because Spam has been seen coming from a device sitting behind your router.
2. Most home routers don't allow the blocking of outbound ports.
3. Most people think too small when they have this problem, they concentrate on the "real computers" (Mac Mini, Windows PC etc) and forget that they also have a lot of other computers on their network (Smart TV, Amazon Firestick, Mobile phones and more)

The idea of my post was to find a way of using Wireshark to look for traffic heading for port 25, First on the PC it was installed on, and then using the Wireless Hotspot feature of Windows to effectively turn that machine into a mini router and then connect any Wireless devices via that in order to find the culprit

The filter I provided was to ensure that the ONLY traffic you see is that bound for port 25 as no email provider uses these settings, VM allow it on their legacy domains, but if you are using those - you should be updating your settings anyway.

After that, if you are seeing such traffic, then it's up to you to figure out which device is generating it and take steps accordingly.

We have seen Firesticks using unauthorised add ons be used by spammers to send their mail, also be aware that if anyone is using HOLA FREE VPN then they may unwittingly be allowing their devices to send spam, as HOLA is not a typical VPN, If anyone in your household is using this, it should be deleted immediately.

Tim