Solved

Blacklisted by Spamhaus - how to resolve

Posted on 2013-12-10
17
1,697 Views
Last Modified: 2013-12-22
A number of emails which I sent recently have bounced back,  rejected,  with the following error message:

The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was...   Blacklisted by Spamhaus: http://www.spamhaus.org/query/bl?ip=41.203.69.5";', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79

How do I unblock these emails?
0
Comment
Question by:Michael Murphy
  • 11
  • 3
  • 3
17 Comments
 
LVL 18

Accepted Solution

by:
hopeleonie earned 250 total points
ID: 39708266
You are blacklisted in many places. I would contact your Internet Provider (maybe Globacom Ltd).

blacklisted
First you may have to clean your Computer or Network (from Malware, Bots, Spam etc.). After you have fixed the Problem (s) you'll need to go back to the blacklist's website and follow their specific removal process.
0
 
LVL 13

Expert Comment

by:Andy M
ID: 39708757
It would depend on if you own/maintain your own email server and the internet line it is on. If you do then you will need to locate the reason for the blacklist (virus/malware, settings on email server are secure, no mass-emailing going on, etc) then once you're happy you can request removal.

If the email system is provided by a third party you should contact them about it so they can get it removed. Note, if a removal is requested before the problem is identified and dealt with you'll likely get blacklisted again and in some cases this can be permanent.

The fat that you're on a number of blacklists (including some well known ones) would indicate a large issue with your email server/internet line getting used to send out spam emails.
0
 

Author Comment

by:Michael Murphy
ID: 39708961
I am working in Nigeria at the moment and using Etisalat (with a modem flash drive) as the provider.
I am using Outlook Express to send my emails (by the way if I sent them directly from the Internet (e.g. www.eircom.net, or www.yahoo.com) would this make any difference in the emails reaching their destination?

I will try to follow hopeleonie's advice. I am running malware anti-malware program at the moment. I will go to the blacklist (is there only one? is it the Spamhaus website?) and follow their removal instructions.


With regard to Morty500UK, I am not very up-to-speed on details of my email server. However you will probably be able to determine this from the details given at top of this response.

You mention indications of 'a large issue with my email-server/internet line getting used to send out spam emails'. Can this issue be solved by ME? Or has it to be the Provider?
0
 

Author Comment

by:Michael Murphy
ID: 39709353
When I followed the removal instructions in the Spamhaus site  I found that my IP was listed under both SBL and CBL


I ran malwarebytes antimalware and removed three viruses

I opened CBL link and found the following:

"IP Address 41.203. ..... (have removed other numbers)  is listed in the CBL. It appears to be infected with a trojan, proxy or some other form of botnet.
It was last detected at 2013-12-10 13:00 GMT (+/- 30 minutes), approximately 4 hours, 30 minutes ago.
This IP is infected (or NATting for a computer that is infected) with the slenfbot spambot. In other words, it's participating in a botnet.
If you simply remove the listing without ensuring that the infection is removed (or the NAT secured), it will probably relist again.
This IP is infected (or NATting for a computer that is infected) with a spam-sending infection. In other words, it's participating in a botnet. If you simply remove the listing without ensuring that the infection is removed (or the NAT secured), it will probably relist again."

I ran the removal program and was told that removal of the IP address is now pending.

With regard to SBL.  I opened this and found the following  6 SBL listings for IPs under the responsibility of gloworld.com

SBL202698
41.203.....      gloworld.com


02-Nov-2013 01:41 GMT      advance fee fraud spam origins      

 
SBL188544
41.203.......      gloworld.com


22-Jun-2013 21:55 GMT      spam origin network      

 
SBL183174
41.203.......      gloworld.com


28-Apr-2013 09:49 GMT      Phishing source @41.203.      

 
SBL166715
41.203.      gloworld.com


23-Nov-2012 02:52 GMT      Criminal hacker attacking mailservers.      

 
SBL157632
41.203.      gloworld.com


25-Sep-2012 06:55 GMT      Spam origin network      

 
SBL117389
41.203      gloworld.com


19-Sep-2011 20:54 GMT      advance fee fraud spam origins      


HAVE'NT THE SLIGHTEST CLUE WHAT I SHOULD DO NEXT. CAN YOU ADVISE?
0
 
LVL 18

Expert Comment

by:hopeleonie
ID: 39709710
Do you have experience in malware removal?
Just running malwarebytes will not help. The best is to reinstall the Computer to be 100% sure.
After call Etisalat and tell them the problem. After that your flash drive modem will get a new IP. And the Problem is fixed...

is there only one? is it the Spamhaus website?
No. You will find the most here:
http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a41.203.69.5&run=toolpage
0
 

Author Comment

by:Michael Murphy
ID: 39710150
I will re install the OS as suggested by Hopeleonie. Can u give me a good link to perform the re installation? Have done it before successfully but.......
0
 

Author Comment

by:Michael Murphy
ID: 39710795
Last year I ran into some difficulty and used the following expert advice to fix it. Can I use the same reinstallation program here? Or can you give me a link to a more appropriate one?

you can always repair the OS by using sfc, or a repair install :
http://www.updatexp.com/scannow-sfc.html                        SFC use in XP
http://www.michaelstevenstech.com/XPrepairinstall.htm            Repair install  XP

By the way do I need also to change my passwords etc
0
 
LVL 18

Assisted Solution

by:hopeleonie
hopeleonie earned 250 total points
ID: 39710920
I would do a clean installation after infections! Check if you have the Key bevor you reinstall.

How to do:
http://pcsupport.about.com/od/operatingsystems/ss/instxpclean1.htm

If you can I would install Windows 7 and not XP.
Note:
http://windows.microsoft.com/en-us/windows/end-support-help
0
How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

 

Author Comment

by:Michael Murphy
ID: 39711266
Yes but I dont have Windows 7. Also I am in a remote part of Nigeria and have no access to this, and the internet is very poor.  But I will try to do the clean installation using the first link you give above.

Will let you know how it goes. I do have the installation disks with me. Thanks
0
 

Author Comment

by:Michael Murphy
ID: 39712068
1. According to the link you gave me a clean installation would  mean that all programs on the C drive  would be deleted.  I do have a second larger drive. Can the programs be transferred to this drive?

2. I will only be using Etisalat for another 3 weeks. I will be then returning to Europe (ireland) and using other providers there. Will this mean that I would no longer have the offensive IP address and the blacklisting would no longer apply? If this were so I might leave things as they are.

3. I have an Iphone 3G which sends and receives emails. Is this affected by the blacklisting? I rarely use it, but if I knew that the blacklisting would not apply to emails sent by the Iphone, I could use this exclusively for the next 3 weeks.

Advice appreciated on these.
0
 

Author Comment

by:Michael Murphy
ID: 39712974
Would really like a response to my last post.
0
 
LVL 13

Assisted Solution

by:Andy M
Andy M earned 250 total points
ID: 39713935
Hi

Regarding your last post:

1. Many windows programs cannot be just copied between drives - the installation creates registry keys and other settings. Without the installation media/install files for the programs it is unlikely you'll be able to get those programs back following an OS reinstall.  

2. It would depend if it's your email server that is blacklisted or if you are using an SMTP relay provided by the Nigerian ISP (i.e. your outgoing email is setup to go through their servers). If you use Yahoo webmail does your emails go out fine? If so it's likely the SMTP relay provided by the Nigerian ISP that's blacklisted so assuming the internet provider in Ireland is not blacklisted you should be fine.

3. Depends how your phone is setup and what connection method it's using. If it's setup to use 3G and the email gets sent directly to the email providers server (i.e. Yahoo) it bypasses the internet line in Nigeria and in theory should work fine (assuming it's the ISP that is blocked).
0
 

Author Comment

by:Michael Murphy
ID: 39714734
Thanks.

I have three email accounts. One of them is working perfectly. I can send emails and they reach. I have tested this thoroughly today.

Emails sent from the other two accounts bounce back. One server is eircom.net,  (webmail.eircom.net) the other yahoo.

Here are the two ERROR messages:
1. The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was '………@oceanfree.net'. Subject 'test test', Account: 'webmail.eircom.net', Server: 'mail1.eircom.net', Protocol: SMTP, Server Response: '550 5.1.1 ………@oceanfree.net> Blacklisted by Spamhaus: http://www.spamhaus.org/query/bl?ip=41.203.69.3";', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79

2. The message could not be sent because the server rejected the sender's e-mail address. The sender's e-mail address was 'E………@yahoo.ie'. Subject 'test test', Account: 'pop.mail.yahoo.com', Server: 'smtp.mail.yahoo.com', Protocol: SMTP, Server Response: '530 5.7.1 Authentication required', Port: 25, Secure(SSL): No, Server Error: 530, Error Number: 0x800CCC78

You will note that the error message  citing 'Spamhaus Blacklist'  is mentioned only for the eircom account. So there must be a different problem with the yahoo account. To solve it
I have tried ticking and unticking 'My server requires authentication' box but it makes no difference. Same with 'Log on using Secure Password Authentication'.
0
 
LVL 13

Assisted Solution

by:Andy M
Andy M earned 250 total points
ID: 39721439
Hi

Regarding the first message it looks like the Oceanfree.net server is blacklisted and the eircom email server is refusing the message because it's looking it up on the Spamhaus blocklist.

As for the second issue it may be worth checking the SMTP port - some providers (Google, Hotmail, Yahoo) have started using secure connections for SMTP which requires a different outgoing port. It would be worth checking this with Yahoo themselves - this page may help http://email.about.com/od/accessingyahoomail/f/Yahoo_Mail_SMTP_Settings.htm.

Also be aware that I believe some email providers have started blocking ISP's from certain parts of the world due to abuse/hacking attempts on accounts. If your settings are correct you may still not be able to connect correctly because of this.
0
 

Author Comment

by:Michael Murphy
ID: 39731345
I changed my password for my Yahoo account. I also changed the outgoing port as indicated in the link you gave me. However these made no difference. I am the error message as follows:

The message could not be sent because the server rejected the sender's e-mail address. The sender's e-mail address was 'E………@yahoo.ie'. Subject 'test test', Account: 'pop.mail.yahoo.com', Server: 'smtp.mail.yahoo.com', Protocol: SMTP, Server Response: '530 5.7.1 Authentication required', Port: 25, Secure(SSL): No, Server Error: 530, Error Number: 0x800CCC78

I have tried to contact Yahoo, but it is a nightmare to attempt this. I can find no email link for support from Yahoo. Even the 'quick link' advice they give under 'suggestions' takes me nowhere. The whole object of their customer care support seems to be to stop a user from accessing any direct support.

I am accessing my Yahoo account now only through the Yahoo Website. I have sent emails - they appear in the sent box - but I have no definite way of finding out whether they actually arrive. I am going to test this now by sending from Yahoo to my other accounts.
0
 

Author Comment

by:Michael Murphy
ID: 39731473
It seems that two of the accounts work using Outlook Express. Two other accounts (I have four) will not work, but they do work from the websites of the providers.  I am going to leave it at that, since I have a way of sending emails and receiving them now.

One final query: sending an email from the Yahoo Mail website to a recipient in England, it bounced back with the message as follows:  Can you interpret?

"A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  eg13@.....ac.uk
    SMTP error from remote mail server after end of data:
    host mr5.it…...ac.uk [212.219…..56]: 550 Spam score too high (8.6)"
0
 

Author Closing Comment

by:Michael Murphy
ID: 39734835
The problem is not solved. However I have managed to work around it. I see what happens when i obtain a different server in Ireland. I appreciate the good advice given above and that is why I am awarding marks
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Granting full access permission allows users to access mailboxes present in their database. By giving full access permission one can open and read the content of any mailbox but cannot send emails from that mailbox.
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now