TommyM1
Message 1 of 8

SMTP Block list

My I.P. address has been blocked for the third time and I am unable to send emails again. I have run various anti-malware programs and nothing has been found. I have Malwarebytes currently running on both laptop and desktop and I have also blocked all traffic from using port 25 on both machines. Can anyone give me some idea what else I can do to secure both devices?

TommyM1
Message 2 of 8

Re: SMTP Block list

Sorry, should have said thank you for all the help with this previously.

 

Forum Team
Message 3 of 8

Re: SMTP Block list

Hi TommyM1.

Thank you for reaching out to us in our community.

Sorry to hear that your IP address has been blocked and you aren't able to send any emails.

Are you receiving a bounce back / error message when attempting to send email? Does this happen when emailing anybody, or is it certain addresses or domains?

Kind regards

Paul.

Superuser
Message 4 of 8

Re: SMTP Block list

Hi Paul

I'm going to help out a little if I may. Tommy actually posted in someone else's thread originally. He was sending using Thunderbird and he provided a log excerpt from the email client. There's a lot of extra stuff there but here's the important bit.

From: https://community.virginmedia.com/t5/Email/SMTP-Failing/m-p/3983857/highlight/true#M172843

[114560:Main Thread]: D/SMTP SMTP auth: server caps 0x20330, pref 0x300, failed 0x0, avail caps 0x300
[114560:Main Thread]: D/SMTP (GSSAPI = 0x800, CRAM = 0x2000, NTLM = 0x4000, MSN = 0x8000, PLAIN = 0x200, LOGIN = 0x100, EXTERNAL = 0x400)
[114560:Main Thread]: D/SMTP trying auth method 0x200
[114560:Main Thread]: I/SMTP SMTP entering state: 16
[114560:Main Thread]: D/SMTP SMTP AuthLoginStep1() for xxxxxxxxxxxxxxsmtp.virginmedia.com
[114560:Main Thread]: D/SMTP PLAIN auth
[114560:Main Thread]: I/SMTP Logging suppressed for this command (it probably contained authentication information)
[114560:Main Thread]: I/SMTP SMTP entering state: 0
[114560:Main Thread]: I/SMTP SMTP Response: 525 5.7.13 Authentication Denied (VM305)
[114560:Main Thread]: I/SMTP SMTP entering state: 18
[114560:Main Thread]: D/SMTP SMTP Login response, code 525
[114560:Main Thread]: D/SMTP marking auth method 0x200 failed

 I've highlighted the login attempt in blue.

There is no bounceback as it's actually your outbound relays that are blocking the send BEFORE the mail transaction is complete -  VM305 indicates the specific reason for the rejection.  I'm going to drop you a PM with a list of SMTP codes, you should by all rights have access to this list already.

Because this rejection happens at the point where the email client sends the username and password, Thunderbird treats this as if the password is wrong. However this actually has nothing to do with the password itself.

Tim

 

________________________________________


Only use Helpful answer if your problems been solved.
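
Added example (not part of the original thread or of Thunderbird's code): a small Python parser for the log lines quoted in the post above. It decodes the auth bitmasks using the legend the log itself prints and pulls apart the server's reply, showing that the rejection is a permanent 5xx answer to the AUTH step. The function names are illustrative.

```python
import re

# Key lines copied from the Thunderbird SMTP log quoted in the post above.
LOG = """\
[114560:Main Thread]: D/SMTP SMTP auth: server caps 0x20330, pref 0x300, failed 0x0, avail caps 0x300
[114560:Main Thread]: D/SMTP (GSSAPI = 0x800, CRAM = 0x2000, NTLM = 0x4000, MSN = 0x8000, PLAIN = 0x200, LOGIN = 0x100, EXTERNAL = 0x400)
[114560:Main Thread]: D/SMTP trying auth method 0x200
[114560:Main Thread]: I/SMTP SMTP Response: 525 5.7.13 Authentication Denied (VM305)
[114560:Main Thread]: D/SMTP marking auth method 0x200 failed
"""

def legend(log):
    """Bit -> name table taken from the log's own '(GSSAPI = 0x800, ...)' line."""
    return {int(v, 16): k for k, v in re.findall(r"(\w+) = (0x[0-9a-fA-F]+)", log)}

def decode(mask, table):
    """Names of the bits set in mask; bits the legend does not name stay as hex."""
    bits = [1 << i for i in range(mask.bit_length()) if (mask >> i) & 1]
    return [table.get(b, hex(b)) for b in bits]

def analyse(log):
    table = legend(log)
    avail = int(re.search(r"avail caps (0x[0-9a-fA-F]+)", log).group(1), 16)
    tried = int(re.search(r"trying auth method (0x[0-9a-fA-F]+)", log).group(1), 16)
    # Reply layout: basic code, enhanced status code, text, optional "(TAG)" at end of line.
    resp = re.search(r"SMTP Response: (\d{3}) (\d\.\d+\.\d+) (.*?)(?: \((\w+)\))?$",
                     log, re.MULTILINE)
    code = int(resp.group(1))
    return {
        "usable": decode(avail, table),    # methods the client could pick from
        "tried": decode(tried, table),     # method actually attempted
        "code": code,
        "enhanced": resp.group(2),         # class 5 = permanent, subject 7 = security/policy
        "text": resp.group(3),
        "tag": resp.group(4),              # provider-specific reason tag
        "permanent": 500 <= code <= 599,
        # The client marks the method failed right after the reply, so the
        # rejection landed on AUTH, before any message was handed over.
        "rejected_at_auth": f"marking auth method {tried:#x} failed" in log,
    }

if __name__ == "__main__":
    for key, value in analyse(LOG).items():
        print(f"{key:17} {value}")
```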

TommyM1
Message 5 of 8

Re: SMTP Block list

Thanks to Paul and Tim, am on holiday at present so haven’t got access to my laptop or desktop. The reply I got from Spamhaus was
“Your IP still appears to be spamming at this time.
This is likely a virus somewhere in your system.

At this time we do not have a sample which could help you identify the cause.

Assuming you find and fix the problem, this listing will expire if our
systems do not see your IP address for a while.

This IP has been seen spuriously since 4th May.
Latest was 9th May around 2300 GMT”

Hence the reason for my recent post as I couldn’t think of anything else I could do to find any virus or malware.

Superuser
Message 6 of 8

Re: SMTP Block list

At this point you need to do a thorough audit of ALL devices currently connected to your network.

If Spamhaus can see them spamming, it would normally suggest that they can see evidence of traffic coming from your WAN IP to destination port 25.

It would be nice if they could capture the EHLO/HELO part of the transaction as that MIGHT (depending on how the client announces itself) have the IP address of the client, as clients will normally identify themselves with either their device name or the literal IP address they are on, e.g. [192.168.0.10].

Note that if you only use VM's SMTP servers to send, none of your devices should be using port 25 anyway. For the PCs this would give you another possible avenue as you could use Wireshark with a capture filter set to ONLY capture traffic on port 25. Leave it running for an hour or two and see what happens. If there's no traffic you can rule the PC out.

With other devices it's a little harder 😞 I'd certainly consider doing a factory reset on some of your devices. I'd also consider saving any files you want to keep on your PCs and doing factory restores if your AV software can't find what's causing this.

Tim

________________________________________


Only use Helpful answer if your problems been solved.
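
Added example (not part of the original thread): a Python sketch of the audit described in the post above, run over flow records such as a port-25 capture would yield. It groups outbound port-25 connections by LAN source, records how each client announced itself in EHLO/HELO, and lists the hosts that can be ruled out. The LAN range, record layout, addresses and device names are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.0.0/24")  # assumed home LAN range

# Constructed sample: (source IP, destination IP, destination port, first client line)
FLOWS = [
    ("192.168.0.10", "203.0.113.25", 25, "EHLO [192.168.0.10]"),
    ("192.168.0.10", "198.51.100.7", 25, "EHLO [192.168.0.10]"),
    ("192.168.0.23", "203.0.113.80", 443, ""),            # not mail at all
    ("192.168.0.31", "198.51.100.9", 25, "HELO living-room-cam"),
    ("192.168.0.23", "203.0.113.40", 587, "EHLO laptop"),  # not port 25, ignored
]
INVENTORY = ["192.168.0.10", "192.168.0.23", "192.168.0.31"]  # constructed device list

HELO_RE = re.compile(r"^(?:EHLO|HELO)\s+(\S+)", re.IGNORECASE)

def audit_port25(flows, lan=LAN):
    """Per LAN host: count of port-25 connections, destinations, announced names."""
    findings = defaultdict(
        lambda: {"connections": 0, "destinations": set(), "announced_as": set()})
    for src, dst, dport, first_line in flows:
        if dport != 25 or ipaddress.ip_address(src) not in lan:
            continue
        entry = findings[src]
        entry["connections"] += 1
        entry["destinations"].add(dst)
        match = HELO_RE.match(first_line.strip())
        if match:
            entry["announced_as"].add(match.group(1))
    return dict(findings)

def is_address_literal(name):
    """True when the client announced a literal IP such as [192.168.0.10]."""
    return name.startswith("[") and name.endswith("]")

def cleared(inventory, findings):
    """Hosts with no port-25 traffic in the capture window."""
    return [host for host in inventory if host not in findings]

if __name__ == "__main__":
    result = audit_port25(FLOWS)
    for host, info in sorted(result.items()):
        print(host, info["connections"], sorted(info["announced_as"]))
    print("ruled out:", cleared(INVENTORY, result))
```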

TommyM1
Message 7 of 8

Re: SMTP Block list

Thanks again Tim, will get on to it in a couple of weeks when I get back from holiday.

Superuser
Message 8 of 8

Re: SMTP Block list

If Spamhaus can see the devices spamming and you aren't at home, then you need to ask yourself this:

What internet-enabled devices are powered on right now? We can rule out any devices that are definitely powered down while you're away.

Tim

P.S.  Enjoy your holiday.

________________________________________


Only use Helpful answer if your problems been solved.