DreamOfCheese
Message 21 of 26

Re: SMTP Failing

If you read down to the bottom of the article where it details how to find out if you have one it says "Have you jailbroken your device?" which is essentially the only way to get a virus on the iOS platform as it breaks out of the walled garden and takes down the safeguards of the OS.

The only other example of an actual known attack the article gives is XcodeGhost, which was a compromised illegitimate version of Xcode that injected malicious code into the application during compilation, and even then the malicious code still couldn't access anything outside the confines of the application the developer had unwittingly allowed it to inject into.

TommyM1
Message 22 of 26

Re: SMTP Failing

Thank you Ravenstar68 and Adrian Parker. Emails are now working as they should.
TommyM1
Message 23 of 26

Re: SMTP Failing

Sending emails has stopped working again. Have run Malwarebytes again but it has not found anything. I have attached the log from Thunderbird and wonder if anyone can help once again.

[114560:Main Thread]: I/SMTP SMTP Connecting to: smtp.virginmedia.com:465
[114560:Main Thread]: I/SMTP SMTP entering state: 0
[114560:Main Thread]: I/SMTP SMTP Response: 220 know-smtprelay-10-imp cmsmtp ESMTP server ready
[114560:Main Thread]: I/SMTP SMTP entering state: 14
[114560:Main Thread]: I/SMTP SMTP Send: EHLO [127.0.0.1]

[114560:Main Thread]: I/SMTP SMTP entering state: 0
[114560:Main Thread]: I/SMTP SMTP Response: 250-know-smtprelay-10-imp hello [81.97.118.219], pleased to meet you
[114560:Main Thread]: I/SMTP SMTP entering state: 0
[114560:Main Thread]: I/SMTP SMTP Response: 250-HELP
[114560:Main Thread]: I/SMTP SMTP entering state: 0
[114560:Main Thread]: I/SMTP SMTP Response: 250-AUTH LOGIN PLAIN
[114560:Main Thread]: I/SMTP SMTP entering state: 0
[114560:Main Thread]: I/SMTP SMTP Response: 250-SIZE 52000000
[114560:Main Thread]: I/SMTP SMTP entering state: 0
[114560:Main Thread]: I/SMTP SMTP Response: 250-ENHANCEDSTATUSCODES
[114560:Main Thread]: I/SMTP SMTP entering state: 0
[114560:Main Thread]: I/SMTP SMTP Response: 250-PIPELINING
[114560:Main Thread]: I/SMTP SMTP entering state: 0
[114560:Main Thread]: I/SMTP SMTP Response: 250-8BITMIME
[114560:Main Thread]: I/SMTP SMTP entering state: 0
[114560:Main Thread]: I/SMTP SMTP Response: 250 OK
[114560:Main Thread]: I/SMTP SMTP entering state: 4
[114560:Main Thread]: I/SMTP SMTP entering state: 21
[114560:Main Thread]: D/SMTP SMTP auth: server caps 0x20330, pref 0x300, failed 0x0, avail caps 0x300
[114560:Main Thread]: D/SMTP (GSSAPI = 0x800, CRAM = 0x2000, NTLM = 0x4000, MSN = 0x8000, PLAIN = 0x200, LOGIN = 0x100, EXTERNAL = 0x400)
[114560:Main Thread]: D/SMTP trying auth method 0x200
[114560:Main Thread]: I/SMTP SMTP entering state: 16
[114560:Main Thread]: D/SMTP SMTP AuthLoginStep1() for xxxxxxxxxxxxxxsmtp.virginmedia.com
[114560:Main Thread]: D/SMTP PLAIN auth
[114560:Main Thread]: I/SMTP Logging suppressed for this command (it probably contained authentication information)
[114560:Main Thread]: I/SMTP SMTP entering state: 0
[114560:Main Thread]: I/SMTP SMTP Response: 525 5.7.13 Authentication Denied (VM305)
[114560:Main Thread]: I/SMTP SMTP entering state: 18
[114560:Main Thread]: D/SMTP SMTP Login response, code 525
[114560:Main Thread]: D/SMTP marking auth method 0x200 failed
[114560:Main Thread]: D/SMTP SMTP auth: server caps 0x20330, pref 0x300, failed 0x200, avail caps 0x100
[114560:Main Thread]: D/SMTP (GSSAPI = 0x800, CRAM = 0x2000, NTLM = 0x4000, MSN = 0x8000, PLAIN = 0x200, LOGIN = 0x100, EXTERNAL = 0x400)
[114560:Main Thread]: D/SMTP trying auth method 0x100
[114560:Main Thread]: E/SMTP SMTP: login failed: failed 200, current 100
[114560:Main Thread]: I/SMTP SMTP entering state: 21
[114560:Main Thread]: D/SMTP SMTP auth: server caps 0x20330, pref 0x300, failed 0x200, avail caps 0x100
[114560:Main Thread]: D/SMTP (GSSAPI = 0x800, CRAM = 0x2000, NTLM = 0x4000, MSN = 0x8000, PLAIN = 0x200, LOGIN = 0x100, EXTERNAL = 0x400)
[114560:Main Thread]: D/SMTP trying auth method 0x100
[114560:Main Thread]: I/SMTP SMTP entering state: 15
[114560:Main Thread]: D/SMTP SMTP: MSN or LOGIN auth, step 0
[114560:Main Thread]: I/SMTP SMTP Send: AUTH LOGIN

[114560:Main Thread]: I/SMTP SMTP connection dropped after 259 total bytes read
[114560:Main Thread]: D/SMTP SMTP Login response, code 525
[114560:Main Thread]: D/SMTP marking auth method 0x100 failed
[114560:Main Thread]: D/SMTP SMTP auth: server caps 0x20331, pref 0x300, failed 0x300, avail caps 0x0
[114560:Main Thread]: D/SMTP (GSSAPI = 0x800, CRAM = 0x2000, NTLM = 0x4000, MSN = 0x8000, PLAIN = 0x200, LOGIN = 0x100, EXTERNAL = 0x400)
[114560:Main Thread]: E/SMTP no auth method remaining
[114560:Main Thread]: W/SMTP SMTP: ask user what to do (after login failed): new password, retry or cancel
[114560:Main Thread]: W/SMTP cancel button pressed
AdrianParker
Message 24 of 26

Re: SMTP Failing

It's the same problem others have had.

[114560:Main Thread]: I/SMTP SMTP Response: 525 5.7.13 Authentication Denied (VM305)

The VM305 means that your IP address is on a blacklist.

Find your IPv4 address from here: https://www.whatismyip.com/

And type it into here to see if you're listed: https://www.spamhaus.org/lookup/

 

TommyM1
Message 25 of 26

Re: SMTP Failing

Spamhaus say it's because the IP address has been detected spamming; they have cleared the block on my IP address but say it could be short-lived unless I can find the problem. I have run 3 different anti-malware programs on both laptop and desktop and neither has found anything. I have also tried putting the IP address into 2 different bot detection websites and they have come back as clear. Any suggestions for what I can do to try and find the problem? Many thanks
Very Insightful Person
Message 26 of 26

Re: SMTP Failing

If your IP address is appearing on certain blacklists (not policy blacklists like the PBL or SORBS DUHL) then it's usually as it's been seen spamming directly.

Possibilities include using netstat and piping the output to find, looking for connections to port 25.

  • Open a command window by typing cmd into the search bar and hitting Enter.
  • Type in netstat -ano | find ":25 "  (Note the : before the 25 and the space between the 25 and the closing ")
C:\Users\timdu>netstat -ano | find ":25 "
  TCP    127.0.0.1:25           0.0.0.0:0              LISTENING       9532
  TCP    [::1]:25               [::]:0                 LISTENING       9532

Bear in mind that the output is given as follows.

Protocol      Local IP address:Port            Remote IP address:Port      Connection state    Process ID

We're actually looking for Port 25 to appear on the Remote IP address:Port combination i.e. the parts I've highlighted in red.  I've actually got a program listening for connections on port 25 but only from the same computer.  However, let's connect to it to show you how netstat can be used.

I'll connect to the listening program.  Now when I run netstat I get this:

C:\Users\timdu>netstat -ano | find ":25 "
  TCP    127.0.0.1:25           0.0.0.0:0              LISTENING       9532
  TCP    [::1]:25               [::]:0                 LISTENING       9532
  TCP    [::1]:25               [::1]:1060             ESTABLISHED     9532
  TCP    [::1]:1060             [::1]:25               ESTABLISHED     40688

Note that Windows uses IPv6 by default and ::1 is the IPv6 equivalent of 127.0.0.1 - the loopback IP address.

So we can see an outbound connection has been made to port 25.  It's currently connected "ESTABLISHED" and is on PID 40688.

So how do we find out what process that is?

There's a Windows command, tasklist, to find a list of running commands.  By piping it through find we can save hunting through the whole list.

C:\Users\timdu>tasklist | find "40688"
telnet.exe                   40688 Console                    1      6,612 K

We see that in this case the program is telnet.exe

The above is not exactly a surprise to me as I used telnet to make the connection.  But I hope this demonstrates the principle well enough.

Alternatively you could try blocking OUTBOUND connections to port 25 on all remote IP addresses in Windows Firewall.

Unless you're actually running a mail server you shouldn't need it, UNLESS you have an account with a backwards email service that ONLY uses port 25 (I'm looking at you as an example Plusnet), but there shouldn't be too many of those out there.  Also if you are running a mail server you shouldn't be delivering mail directly to mail exchangers so you still don't need port 25 outbound.

Tim

As a Very Insightful Person, I'm here to share my knowledge. I don't work for Virgin Media.
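
The netstat and tasklist steps from the post above, combined into a polling PowerShell loop; this is an added example and not part of the original post. A single netstat run only catches connections that are open at that instant, so the loop records each new connection to remote port 25 together with its owning process. The polling interval, duration and log path are assumptions.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell
# prompt so process paths owned by other accounts can be resolved.
param(
    [int]$IntervalSeconds = 2,        # assumed polling interval
    [int]$DurationMinutes = 60,       # assumed observation window
    [string]$LogPath = "$env:USERPROFILE\port25-watch.csv"  # assumed log file
)

$seen = @{}
$deadline = (Get-Date).AddMinutes($DurationMinutes)

while ((Get-Date) -lt $deadline) {
    # -RemotePort matches the remote side only, so a local listener on port 25
    # (the LISTENING rows in the netstat output) is not reported.
    $conns = Get-NetTCPConnection -RemotePort 25 -ErrorAction SilentlyContinue

    foreach ($c in $conns) {
        # Report each (process, remote address, local port) combination once.
        $key = '{0}|{1}|{2}' -f $c.OwningProcess, $c.RemoteAddress, $c.LocalPort
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true

        # Resolve the PID to a process name and path (the tasklist step).
        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        $row = [pscustomobject]@{
            Time          = (Get-Date).ToString('s')
            State         = $c.State
            RemoteAddress = $c.RemoteAddress
            LocalPort     = $c.LocalPort
            ProcessId     = $c.OwningProcess
            ProcessName   = $proc.ProcessName
            Path          = $proc.Path
        }
        $row | Export-Csv -Path $LogPath -Append -NoTypeInformation
        $row    # also show the hit on the console
    }
    Start-Sleep -Seconds $IntervalSeconds
}
```

Leave it running while the machine is in normal use; a mail client configured for port 465 or 587 will not appear, so any process logged with a remote port of 25 is the one to investigate.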
