Menu
Reply
Rawcous
  • 11
  • 0
  • 0
Tuning in
906 Views
Message 1 of 19
Flag for a moderator

Spam content found

Hello,

This is my first post on the forum so i'm finding my feet around here. I can confirm that I have checked this forum etc. prior to reporting this. This issue seems to have been reported by a no. of people on here, but so far ther only solutions I have found seen are where Virgin Media have "intervened".

A few days ago I noticed that although I can "receive" emails from absolutely anyone containing links, however I CANNOT send emails with links to anyone at all regardless of their domain, i.e. hotmail / google / etc. Converting email content to "plain-text" does not resolve the issue. The message I am receiving for example is along the lines of:

The original message was received at Tue, 28 Apr 2020 11:50:31 +0100 from host [xxx.xxx.xxx.xxx]

 

   ----- The following addresses had permanent fatal errors ----- <RecipientEmailAddress>

    (reason: 552 5.7.0 SPAM Content Found (VM603) TNoujuZKgfuiHTNouj5DYN)

 

   ----- Transcript of session follows ----- ... while talking to smtp.ntlworld.com.:

>>> DATA

<<< 552 5.7.0 SPAM Content Found (VM603) TNoujuZKgfuiHTNouj5DYN

554 5.0.0 Service unavailable

To add, I have my own personal domain that I have been hosting from my home address for 10+ years (this is no the cause of the issue)  I am using Outlook as the client but naturally receive the same problem if I use a webmail client for mail transmission. I have my own Linux Mailserver that hosts emails for my domain. I can send emails containing links to myswelf without a problem.

Please advise.

Thanks!

 

Proud owner of self-hosted:

Domain Mail & Web Server (Sendmail / Dovecot & Apache) - CentOS 6.10
Domain FTP & VPN Server (PureFTP & OpenVPN) - CentOS 6.10

I despise what I have become - I have become what I despise! - Rawcous - Circa. 2014
0 Kudos
Reply
John_GS
  • 8.72K
  • 476
  • 770
Forum Team
Forum Team
862 Views
Message 2 of 19
Flag for a moderator

Re: Spam content found

HI Rawcous

 

Thanks for posting and welcome to the community.

 

Sorry to hear of the email issue. Can you send emails with no links in or do you the same message? If it works no issues with no links, please can you do a scan on your equipment for malware for me?

Kind regards,

 

John_GS
Forum Team

Need a helpful hand to show you how to make a payment? Check out our guide - "How to pay my Virgin Media bill"

0 Kudos
Reply
Rawcous
  • 11
  • 0
  • 0
Tuning in
855 Views
Message 3 of 19
Flag for a moderator

Re: Spam content found

Hello & thanks for the welcome.

Emails w/o links can be sent w/o any issue at all. I use Webroot Secure Anywhere for malware scanning combined with Comodo Firewall. The last automated scan of my machine was at 03:00 am (same time every morning). As well as using the Webroot software, if I receive any emails with attachments that I am not 100% sure about i.e. documents potentially containing macros then I head over to VirusTotal for additional scanning.

Additionally I have outlook set up on another machine on my home network and experience exactly the same issue.

Regards.

Proud owner of self-hosted:

Domain Mail & Web Server (Sendmail / Dovecot & Apache) - CentOS 6.10
Domain FTP & VPN Server (PureFTP & OpenVPN) - CentOS 6.10

I despise what I have become - I have become what I despise! - Rawcous - Circa. 2014
0 Kudos
Reply
Gareth_L
  • 6.17K
  • 379
  • 665
Forum Team
Forum Team
839 Views
Message 4 of 19
Flag for a moderator

Re: Spam content found

Hello Rawcous

Thanks for the reply

Would you be happy for me to go away and ask a few people what we need to do to get this fixed

It might take me a while to get some answers, But I will keep you updated along the way 

Gareth_L

0 Kudos
Reply
Rawcous
  • 11
  • 0
  • 0
Tuning in
833 Views
Message 5 of 19
Flag for a moderator

Re: Spam content found

Hello Gareth,

I will be more than happy for you to assist with this issue.

Much appreciated.

Regards,

Rawcous!

Proud owner of self-hosted:

Domain Mail & Web Server (Sendmail / Dovecot & Apache) - CentOS 6.10
Domain FTP & VPN Server (PureFTP & OpenVPN) - CentOS 6.10

I despise what I have become - I have become what I despise! - Rawcous - Circa. 2014
0 Kudos
Reply
Gareth_L
  • 6.17K
  • 379
  • 665
Forum Team
Forum Team
830 Views
Message 6 of 19
Flag for a moderator

Re: Spam content found

Thanks Rawcous

I have asked the questions now. 

As soon as I get some info I will get back to you 

Gareth_L

0 Kudos
Reply
Rawcous
  • 11
  • 0
  • 0
Tuning in
820 Views
Message 7 of 19
Flag for a moderator

Re: Spam content found

Hello Gareth,

I have kind of semi-resolved the issue. I have done a lot of research on spam and associated DMARC, SPF and DKIM DNS issues. I created my own entries via my DNS host. I then implemented DKIM via my mailserver which injects a DKIM signature into all outbound emails, created a server-side key and I can now confirm that I can now send emails with links embedded in them. I am certainly not sure why I had to do all of this in the first place, My only thoughts are that perhaps VirginMedia have recently uprated their security policies to reduce the impact of spam which is definitely on the increase. The only issue that I am having strangely enough is that if I embed a link to my website, or if I embed one of my email addresses associated with my domain it bounces back with the original error message as per below - however if all else works then perhaps I can live with it - it may be something I can potentially resolve server side within the DKIM settings. Just to confirm I have checked via https://whatismyipaddress.com/blacklist-check  which is a great spam list checker tool - my I.P appears on the SORBS list but from researching the issue earlier SORBS often blacklist entire ranges of I.P addresses if they are dynamic rather than static.Perhaps I now temporarily have an issue with embedding my domain as a result of the no. of test emails that I sent whilst trying to resolve the original issue.

The original message was received at Thu, 30 Apr 2020 15:03:39 +0100 from raw02 [192.168.1.2]

   ----- The following addresses had permanent fatal errors ----- <rawebley@hotmail.com>

    (reason: 552 5.7.0 SPAM Content Found (VM603) U9mtj6RZjfuiHU9mtj70ot)

 

   ----- Transcript of session follows ----- ... while talking to smtp.ntlworld.com.:

>>> DATA

<<< 552 5.7.0 SPAM Content Found (VM603) U9mtj6RZjfuiHU9mtj70ot

554 5.0.0 Service unavailable

 

Looking at the email header at the recipient end  I see the following extract:

Received: from SN1NAM04HT004.eop-NAM04.prod.protection.outlook.com
(2603:10a6:10:36::49) by DB8PR03MB5705.eurprd03.prod.outlook.com with HTTPS
via DB7PR05CA0036.EURPRD05.PROD.OUTLOOK.COM; Thu, 30 Apr 2020 13:20:16 +0000
Received: from SN1NAM04FT024.eop-NAM04.prod.protection.outlook.com
(10.152.88.59) by SN1NAM04HT004.eop-NAM04.prod.protection.outlook.com
(10.152.88.170) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2937.15; Thu, 30 Apr
2020 13:20:16 +0000
Authentication-Results: spf=softfail (sender IP is 80.0.253.66)
smtp.mailfrom=MYDOMAIN; hotmail.com; dkim=pass (signature was
verified) header.d=MYDOMAIN;hotmail.com; dmarc=pass action=none
header.from=MYDOMAIN;compauth=pass reason=100
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
MYDOMAIN discourages use of 80.0.253.66 as permitted sender)
Received: from know-smtprelay-omc-2.server.virginmedia.net (80.0.253.66) by
SN1NAM04FT024.mail.protection.outlook.com (10.152.88.106) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.2937.15 via Frontend Transport; Thu, 30 Apr 2020 13:20:15 +0000
X-IncomingTopHeaderMarker:
OriginalChecksum:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX;SizeAsReceived:1825;Count:19
Received: from raw03.MYDOMAIN ([82.6.59.227])
by cmsmtp with ESMTP
id U96sj6G4lfuiHU96sj6ynq; Thu, 30 Apr 2020 14:20:15 +0100
X-Originating-IP: [82.6.59.227]
X-Authenticated-User:
X-Spam: 0
X-Authority: v=2.3 cv=bO043s2Z c=1 sm=1 tr=0 a=STebS4+JzjIEzFvnCROJsA==:117
a=STebS4+JzjIEzFvnCROJsA==:17 a=cl8xLZFz6L8A:10 a=DAwyPP_o2Byb1YXLmDAA:9
a=4DGMNPVW8O4g9au8jeQA:9 a=CjuIK1q_8ugA:10 a=yMhMjlubAAAA:8 a=SSmOFEACAAAA:8
a=QNI48Xxsa6yjta3obywA:9 a=ht7hdDhN440RcmHZ:21 a=gKO2Hq4RSVkA:10
a=UiCQ7L4-1S4A:10 a=hTZeC7Yk6K0A:10 a=frz4AuCg-hUA:10
Received: from Raw02 (raw02 [192.168.1.2])
by raw03.MYDOMAIN(8.14.4/8.14.4) with ESMTP id 03UDKEej027021
for <RECIPIENT_EMAIL_ADDR>; Thu, 30 Apr 2020 14:20:14 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=MYDOMAIN;
s=default; t=1588252814;
bh=CXRF9xk0VZ/8MFc+h1SS+SDeE65kjhAroJZfgR0uePo=;
h=From:To:Subject:Date:From;
b=XXXXXXXXXXXXXXXXXXXXXXXXXXXX=

See the reference the IP Address highlighted in bold - 80.0.253.66 - know-smtprelay-omc-2.server.virginmedia.net  - very confusing as this is clearly a VM Relay Server..

Regards,

Rawcous!

Proud owner of self-hosted:

Domain Mail & Web Server (Sendmail / Dovecot & Apache) - CentOS 6.10
Domain FTP & VPN Server (PureFTP & OpenVPN) - CentOS 6.10

I despise what I have become - I have become what I despise! - Rawcous - Circa. 2014
0 Kudos
Reply
Gareth_L
  • 6.17K
  • 379
  • 665
Forum Team
Forum Team
817 Views
Message 8 of 19
Flag for a moderator

Re: Spam content found

Hi Rawcous

Thanks for the detailed response, We have noticed a few more issues regarding increased spam content over the weekend gone. This may well be one of the niggles that has arisen. 

You can also use https://www.spamhaus.org/ for any Ip issues and possible blacklisting. 

Can you please keep me updated with any further findings 

Gareth_L

0 Kudos
Reply
Rawcous
  • 11
  • 0
  • 0
Tuning in
811 Views
Message 9 of 19
Flag for a moderator

Re: Spam content found

Hello Gareth,

As mentioned I used https://whatismyipaddress.com/blacklist-check which performs checks via multiple sites such as Spamhaus. I have however performed a manually check directly via Spamhaus and can confirm that my I.P / Domain passed all checks - SBL / XBL / PBL / DBL

I am guessing this is occuring throught the VM network and beyond. My issues had been occurring for a week or so and originally I thought there was an issue with my IP Address so I amended my router MAC address which resulted in my I.P Address changing - the problem still remained.

Regards,

Rawcous

Proud owner of self-hosted:

Domain Mail & Web Server (Sendmail / Dovecot & Apache) - CentOS 6.10
Domain FTP & VPN Server (PureFTP & OpenVPN) - CentOS 6.10

I despise what I have become - I have become what I despise! - Rawcous - Circa. 2014
0 Kudos
Reply
Rawcous
  • 11
  • 0
  • 0
Tuning in
778 Views
Message 10 of 19
Flag for a moderator

Re: Spam content found

Hello Gareth,

As per the following this is the exact issue that I am having (the following is a thread started sometime ago by another subscriber):

"Re: 552 5.7.0 SPAM Content Found (VM603)

I have this problem. It started 4 days ago. It relates to my website address www.discoveringbirmingham.co.uk . Whenever I put this on my email content it is now treated as a spam email. The spam system must have added it to a database. How do I get this legitimate www removed from spam filters?

"

"

Re: 552 5.7.0 SPAM Content Found (VM603)

@Jonathan14 wrote:How do I get this legitimate www removed from spam filte rThe Forum Team (@ModTeam) would need to do this so I have flagged your post to them; note that it may take them a few days to reach your post (more given the Spring bank holiday). In the meantime consider using a URL shortening service with the text Discover Birmingham, for example Discovering Birmingham,  in your email until Virgin Media address the issue."

 

My domain concerned is richardwebley.co.uk

Regards,

 

Proud owner of self-hosted:

Domain Mail & Web Server (Sendmail / Dovecot & Apache) - CentOS 6.10
Domain FTP & VPN Server (PureFTP & OpenVPN) - CentOS 6.10

I despise what I have become - I have become what I despise! - Rawcous - Circa. 2014
0 Kudos
Reply