Michael Murphy
asked on
Blacklisted by Spamhaus - how to resolve
A number of emails which I sent recently have bounced back, rejected, with the following error message:
The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was... Blacklisted by Spamhaus: http://www.spamhaus.org/query/bl?ip=41.203.69.5";', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79
How do I unblock these emails?
ASKER
I am working in Nigeria at the moment and using Etisalat (with a modem flash drive) as the provider.
I am using Outlook Express to send my emails. (By the way, if I sent them directly from the Internet (e.g. www.eircom.net, or www.yahoo.com), would this make any difference in the emails reaching their destination?)
I will try to follow hopeleonie's advice. I am running malware anti-malware program at the moment. I will go to the blacklist (is there only one? is it the Spamhaus website?) and follow their removal instructions.
With regard to Morty500UK, I am not very up-to-speed on details of my email server. However you will probably be able to determine this from the details given at top of this response.
You mention indications of 'a large issue with my email-server/internet line getting used to send out spam emails'. Can this issue be solved by ME? Or has it to be the Provider?
ASKER
When I followed the removal instructions on the Spamhaus site I found that my IP was listed under both SBL and CBL.
I ran Malwarebytes Anti-Malware and removed three viruses.
I opened CBL link and found the following:
"IP Address 41.203. ..... (have removed other numbers) is listed in the CBL. It appears to be infected with a trojan, proxy or some other form of botnet.
It was last detected at 2013-12-10 13:00 GMT (+/- 30 minutes), approximately 4 hours, 30 minutes ago.
This IP is infected (or NATting for a computer that is infected) with the slenfbot spambot. In other words, it's participating in a botnet.
If you simply remove the listing without ensuring that the infection is removed (or the NAT secured), it will probably relist again.
This IP is infected (or NATting for a computer that is infected) with a spam-sending infection. In other words, it's participating in a botnet. If you simply remove the listing without ensuring that the infection is removed (or the NAT secured), it will probably relist again."
I ran the removal program and was told that removal of the IP address is now pending.
With regard to SBL. I opened this and found the following 6 SBL listings for IPs under the responsibility of gloworld.com:
SBL202698 | 41.203..... gloworld.com | 02-Nov-2013 01:41 GMT | advance fee fraud spam origins
SBL188544 | 41.203....... gloworld.com | 22-Jun-2013 21:55 GMT | spam origin network
SBL183174 | 41.203....... gloworld.com | 28-Apr-2013 09:49 GMT | Phishing source @41.203.
SBL166715 | 41.203. gloworld.com | 23-Nov-2012 02:52 GMT | Criminal hacker attacking mailservers.
SBL157632 | 41.203. gloworld.com | 25-Sep-2012 06:55 GMT | Spam origin network
SBL117389 | 41.203 gloworld.com | 19-Sep-2011 20:54 GMT | advance fee fraud spam origins
HAVEN'T THE SLIGHTEST CLUE WHAT I SHOULD DO NEXT. CAN YOU ADVISE?
Do you have experience in malware removal?
Just running Malwarebytes will not help. The best is to reinstall the computer to be 100% sure.
Afterwards, call Etisalat and tell them the problem. After that your flash drive modem will get a new IP. And the problem is fixed...
"is there only one? is it the Spamhaus website?"
No. You will find the most here:
http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a41.203.69.5&run=toolpage
ASKER
I will reinstall the OS as suggested by Hopeleonie. Can you give me a good link to perform the reinstallation? Have done it before successfully but.......
ASKER
Last year I ran into some difficulty and used the following expert advice to fix it. Can I use the same reinstallation program here? Or can you give me a link to a more appropriate one?
you can always repair the OS by using sfc, or a repair install :
http://www.updatexp.com/scannow-sfc.html SFC use in XP
http://www.michaelstevenstech.com/XPrepairinstall.htm Repair install XP
By the way, do I need also to change my passwords etc.?
ASKER
Yes but I don't have Windows 7. Also I am in a remote part of Nigeria and have no access to this, and the internet is very poor. But I will try to do the clean installation using the first link you give above.
Will let you know how it goes. I do have the installation disks with me. Thanks
ASKER
1. According to the link you gave me a clean installation would mean that all programs on the C drive would be deleted. I do have a second larger drive. Can the programs be transferred to this drive?
2. I will only be using Etisalat for another 3 weeks. I will then be returning to Europe (Ireland) and using other providers there. Will this mean that I would no longer have the offensive IP address and the blacklisting would no longer apply? If this were so I might leave things as they are.
3. I have an iPhone 3G which sends and receives emails. Is this affected by the blacklisting? I rarely use it, but if I knew that the blacklisting would not apply to emails sent by the iPhone, I could use this exclusively for the next 3 weeks.
Advice appreciated on these.
ASKER
Would really like a response to my last post.
ASKER
Thanks.
I have three email accounts. One of them is working perfectly. I can send emails and they reach. I have tested this thoroughly today.
Emails sent from the other two accounts bounce back. One server is eircom.net, (webmail.eircom.net) the other yahoo.
Here are the two ERROR messages:
1. The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was '………@oceanfree.net'. Subject 'test test', Account: 'webmail.eircom.net', Server: 'mail1.eircom.net', Protocol: SMTP, Server Response: '550 5.1.1 ………@oceanfree.net> Blacklisted by Spamhaus: http://www.spamhaus.org/query/bl?ip=41.203.69.3";', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79
2. The message could not be sent because the server rejected the sender's e-mail address. The sender's e-mail address was 'E………@yahoo.ie'. Subject 'test test', Account: 'pop.mail.yahoo.com', Server: 'smtp.mail.yahoo.com', Protocol: SMTP, Server Response: '530 5.7.1 Authentication required', Port: 25, Secure(SSL): No, Server Error: 530, Error Number: 0x800CCC78
You will note that the error message citing 'Spamhaus Blacklist' is mentioned only for the eircom account. So there must be a different problem with the yahoo account. To solve it I have tried ticking and unticking the 'My server requires authentication' box but it makes no difference. Same with 'Log on using Secure Password Authentication'.
ASKER
I changed my password for my Yahoo account. I also changed the outgoing port as indicated in the link you gave me. However these made no difference. I am getting the error message as follows:
The message could not be sent because the server rejected the sender's e-mail address. The sender's e-mail address was 'E………@yahoo.ie'. Subject 'test test', Account: 'pop.mail.yahoo.com', Server: 'smtp.mail.yahoo.com', Protocol: SMTP, Server Response: '530 5.7.1 Authentication required', Port: 25, Secure(SSL): No, Server Error: 530, Error Number: 0x800CCC78
I have tried to contact Yahoo, but it is a nightmare to attempt this. I can find no email link for support from Yahoo. Even the 'quick link' advice they give under 'suggestions' takes me nowhere. The whole object of their customer care support seems to be to stop a user from accessing any direct support.
I am accessing my Yahoo account now only through the Yahoo Website. I have sent emails - they appear in the sent box - but I have no definite way of finding out whether they actually arrive. I am going to test this now by sending from Yahoo to my other accounts.
ASKER
It seems that two of the accounts work using Outlook Express. Two other accounts (I have four) will not work, but they do work from the websites of the providers. I am going to leave it at that, since I have a way of sending emails and receiving them now.
One final query: sending an email from the Yahoo Mail website to a recipient in England, it bounced back with the message as follows: Can you interpret?
"A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
eg13@.....ac.uk
SMTP error from remote mail server after end of data:
host mr5.it…...ac.uk [212.219…..56]: 550 Spam score too high (8.6)"
ASKER
The problem is not solved. However I have managed to work around it. I will see what happens when I obtain a different server in Ireland. I appreciate the good advice given above and that is why I am awarding marks.
If the email system is provided by a third party you should contact them about it so they can get it removed. Note, if a removal is requested before the problem is identified and dealt with you'll likely get blacklisted again and in some cases this can be permanent.
The fact that you're on a number of blacklists (including some well known ones) would indicate a large issue with your email server/internet line getting used to send out spam emails.
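Added example, not part of the original thread and not code from Spamhaus or any poster: it separates the three kinds of bounce quoted in this thread (Spamhaus IP listing, 530 authentication, recipient spam score) and builds the reversed-octet DNSBL query for a listed address. The sample strings, the 192.0.2.x documentation addresses and all function names are constructed for illustration; the answer codes are the ones Spamhaus publishes for its ZEN zone.

```python
import ipaddress
import re
import socket

# Answer codes Spamhaus publishes for zen.spamhaus.org, keyed by last octet.
ZEN_LISTS = {2: "SBL", 3: "SBL CSS", 4: "XBL", 5: "XBL", 6: "XBL", 7: "XBL", 10: "PBL", 11: "PBL"}
ZEN_ERRORS = {252: "typo in DNSBL zone name", 254: "query came via a public/open resolver",
              255: "query rate limit exceeded"}

# Constructed samples modelled on the three bounces quoted in the thread.
SAMPLES = [
    "Server Response: '550 5.1.1 Blacklisted by Spamhaus: "
    "http://www.spamhaus.org/query/bl?ip=192.0.2.10', Port: 25",
    "Server Response: '530 5.7.1 Authentication required', Port: 25",
    "host mx.example.test [192.0.2.56]: 550 Spam score too high (8.6)",
]

def dnsbl_qname(ip, zone="zen.spamhaus.org"):
    """DNSBL lookups reverse the IPv4 octets and append the list's zone."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split("."))) + "." + zone

def resolve_a(name):
    """Live lookup: A records for name, or [] when it does not resolve (not listed)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_ip(ip, resolver=resolve_a):
    """Return listing status; 127.255.255.x answers are errors, not listings."""
    answers = resolver(dnsbl_qname(ip))
    errors = [ZEN_ERRORS.get(int(a.rsplit(".", 1)[1]), "unknown error code")
              for a in answers if a.startswith("127.255.255.")]
    if errors:
        return {"listed": None, "lists": [], "error": errors[0]}
    lists = sorted({ZEN_LISTS.get(int(a.rsplit(".", 1)[1]), "unknown")
                    for a in answers if a.startswith("127.0.0.")})
    return {"listed": bool(lists), "lists": lists, "error": None}

def triage(bounce):
    """Separate sender-IP reputation, SMTP auth and content-score rejections."""
    m = re.search(r"spamhaus\.org/query/bl\?ip=(\d{1,3}(?:\.\d{1,3}){3})", bounce)
    if m:
        return ("ip-reputation", m.group(1))   # clean the host, then request delisting
    if re.search(r"\b530 5\.7\.1\b", bounce):
        return ("smtp-auth", None)              # client settings, not a blacklist
    m = re.search(r"550 Spam score too high \(([\d.]+)\)", bounce)
    if m:
        return ("content-filter", m.group(1))   # recipient's filter scored the message
    return ("other", None)
```

Only the first bounce type is cleared by a delisting request; a `listed: None` result means the lookup itself failed and has to be repeated through a resolver Spamhaus accepts.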