Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Blacklisted by Spamhaus - how to resolve

Posted on 2013-12-10
17
Medium Priority
?
2,063 Views
Last Modified: 2013-12-22
A number of emails which I sent recently have bounced back,  rejected,  with the following error message:

The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was...   Blacklisted by Spamhaus: http://www.spamhaus.org/query/bl?ip=41.203.69.5";', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79

How do I unblock these emails?
0
Comment
Question by:Michael Murphy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 3
  • 3
17 Comments
 
LVL 19

Accepted Solution

by:
*** Hopeleonie *** earned 750 total points
ID: 39708266
You are blacklisted in many places. I would contact your Internet Provider (maybe Globacom Ltd).

blacklisted
First you may have to clean your Computer or Network (from Malware, Bots, Spam etc.). After you have fixed the Problem (s) you'll need to go back to the blacklist's website and follow their specific removal process.
0
 
LVL 14

Expert Comment

by:Andy M
ID: 39708757
It would depend on if you own/maintain your own email server and the internet line it is on. If you do then you will need to locate the reason for the blacklist (virus/malware, settings on email server are secure, no mass-emailing going on, etc) then once you're happy you can request removal.

If the email system is provided by a third party you should contact them about it so they can get it removed. Note, if a removal is requested before the problem is identified and dealt with you'll likely get blacklisted again and in some cases this can be permanent.

The fat that you're on a number of blacklists (including some well known ones) would indicate a large issue with your email server/internet line getting used to send out spam emails.
0
 

Author Comment

by:Michael Murphy
ID: 39708961
I am working in Nigeria at the moment and using Etisalat (with a modem flash drive) as the provider.
I am using Outlook Express to send my emails (by the way if I sent them directly from the Internet (e.g. www.eircom.net, or www.yahoo.com) would this make any difference in the emails reaching their destination?

I will try to follow hopeleonie's advice. I am running malware anti-malware program at the moment. I will go to the blacklist (is there only one? is it the Spamhaus website?) and follow their removal instructions.


With regard to Morty500UK, I am not very up-to-speed on details of my email server. However you will probably be able to determine this from the details given at top of this response.

You mention indications of 'a large issue with my email-server/internet line getting used to send out spam emails'. Can this issue be solved by ME? Or has it to be the Provider?
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 

Author Comment

by:Michael Murphy
ID: 39709353
When I followed the removal instructions in the Spamhaus site  I found that my IP was listed under both SBL and CBL


I ran malwarebytes antimalware and removed three viruses

I opened CBL link and found the following:

"IP Address 41.203. ..... (have removed other numbers)  is listed in the CBL. It appears to be infected with a trojan, proxy or some other form of botnet.
It was last detected at 2013-12-10 13:00 GMT (+/- 30 minutes), approximately 4 hours, 30 minutes ago.
This IP is infected (or NATting for a computer that is infected) with the slenfbot spambot. In other words, it's participating in a botnet.
If you simply remove the listing without ensuring that the infection is removed (or the NAT secured), it will probably relist again.
This IP is infected (or NATting for a computer that is infected) with a spam-sending infection. In other words, it's participating in a botnet. If you simply remove the listing without ensuring that the infection is removed (or the NAT secured), it will probably relist again."

I ran the removal program and was told that removal of the IP address is now pending.

With regard to SBL.  I opened this and found the following  6 SBL listings for IPs under the responsibility of gloworld.com

SBL202698
41.203.....      gloworld.com


02-Nov-2013 01:41 GMT      advance fee fraud spam origins      

 
SBL188544
41.203.......      gloworld.com


22-Jun-2013 21:55 GMT      spam origin network      

 
SBL183174
41.203.......      gloworld.com


28-Apr-2013 09:49 GMT      Phishing source @41.203.      

 
SBL166715
41.203.      gloworld.com


23-Nov-2012 02:52 GMT      Criminal hacker attacking mailservers.      

 
SBL157632
41.203.      gloworld.com


25-Sep-2012 06:55 GMT      Spam origin network      

 
SBL117389
41.203      gloworld.com


19-Sep-2011 20:54 GMT      advance fee fraud spam origins      


HAVE'NT THE SLIGHTEST CLUE WHAT I SHOULD DO NEXT. CAN YOU ADVISE?
0
 
LVL 19

Expert Comment

by:*** Hopeleonie ***
ID: 39709710
Do you have experience in malware removal?
Just running malwarebytes will not help. The best is to reinstall the Computer to be 100% sure.
After call Etisalat and tell them the problem. After that your flash drive modem will get a new IP. And the Problem is fixed...

is there only one? is it the Spamhaus website?
No. You will find the most here:
http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a41.203.69.5&run=toolpage
0
 

Author Comment

by:Michael Murphy
ID: 39710150
I will re install the OS as suggested by Hopeleonie. Can u give me a good link to perform the re installation? Have done it before successfully but.......
0
 

Author Comment

by:Michael Murphy
ID: 39710795
Last year I ran into some difficulty and used the following expert advice to fix it. Can I use the same reinstallation program here? Or can you give me a link to a more appropriate one?

you can always repair the OS by using sfc, or a repair install :
http://www.updatexp.com/scannow-sfc.html                        SFC use in XP
http://www.michaelstevenstech.com/XPrepairinstall.htm            Repair install  XP

By the way do I need also to change my passwords etc
0
 
LVL 19

Assisted Solution

by:*** Hopeleonie ***
*** Hopeleonie *** earned 750 total points
ID: 39710920
I would do a clean installation after infections! Check if you have the Key bevor you reinstall.

How to do:
http://pcsupport.about.com/od/operatingsystems/ss/instxpclean1.htm

If you can I would install Windows 7 and not XP.
Note:
http://windows.microsoft.com/en-us/windows/end-support-help
0
 

Author Comment

by:Michael Murphy
ID: 39711266
Yes but I dont have Windows 7. Also I am in a remote part of Nigeria and have no access to this, and the internet is very poor.  But I will try to do the clean installation using the first link you give above.

Will let you know how it goes. I do have the installation disks with me. Thanks
0
 

Author Comment

by:Michael Murphy
ID: 39712068
1. According to the link you gave me a clean installation would  mean that all programs on the C drive  would be deleted.  I do have a second larger drive. Can the programs be transferred to this drive?

2. I will only be using Etisalat for another 3 weeks. I will be then returning to Europe (ireland) and using other providers there. Will this mean that I would no longer have the offensive IP address and the blacklisting would no longer apply? If this were so I might leave things as they are.

3. I have an Iphone 3G which sends and receives emails. Is this affected by the blacklisting? I rarely use it, but if I knew that the blacklisting would not apply to emails sent by the Iphone, I could use this exclusively for the next 3 weeks.

Advice appreciated on these.
0
 

Author Comment

by:Michael Murphy
ID: 39712974
Would really like a response to my last post.
0
 
LVL 14

Assisted Solution

by:Andy M
Andy M earned 750 total points
ID: 39713935
Hi

Regarding your last post:

1. Many windows programs cannot be just copied between drives - the installation creates registry keys and other settings. Without the installation media/install files for the programs it is unlikely you'll be able to get those programs back following an OS reinstall.  

2. It would depend if it's your email server that is blacklisted or if you are using an SMTP relay provided by the Nigerian ISP (i.e. your outgoing email is setup to go through their servers). If you use Yahoo webmail does your emails go out fine? If so it's likely the SMTP relay provided by the Nigerian ISP that's blacklisted so assuming the internet provider in Ireland is not blacklisted you should be fine.

3. Depends how your phone is setup and what connection method it's using. If it's setup to use 3G and the email gets sent directly to the email providers server (i.e. Yahoo) it bypasses the internet line in Nigeria and in theory should work fine (assuming it's the ISP that is blocked).
0
 

Author Comment

by:Michael Murphy
ID: 39714734
Thanks.

I have three email accounts. One of them is working perfectly. I can send emails and they reach. I have tested this thoroughly today.

Emails sent from the other two accounts bounce back. One server is eircom.net,  (webmail.eircom.net) the other yahoo.

Here are the two ERROR messages:
1. The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was '………@oceanfree.net'. Subject 'test test', Account: 'webmail.eircom.net', Server: 'mail1.eircom.net', Protocol: SMTP, Server Response: '550 5.1.1 ………@oceanfree.net> Blacklisted by Spamhaus: http://www.spamhaus.org/query/bl?ip=41.203.69.3";', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79

2. The message could not be sent because the server rejected the sender's e-mail address. The sender's e-mail address was 'E………@yahoo.ie'. Subject 'test test', Account: 'pop.mail.yahoo.com', Server: 'smtp.mail.yahoo.com', Protocol: SMTP, Server Response: '530 5.7.1 Authentication required', Port: 25, Secure(SSL): No, Server Error: 530, Error Number: 0x800CCC78

You will note that the error message  citing 'Spamhaus Blacklist'  is mentioned only for the eircom account. So there must be a different problem with the yahoo account. To solve it
I have tried ticking and unticking 'My server requires authentication' box but it makes no difference. Same with 'Log on using Secure Password Authentication'.
0
 
LVL 14

Assisted Solution

by:Andy M
Andy M earned 750 total points
ID: 39721439
Hi

Regarding the first message it looks like the Oceanfree.net server is blacklisted and the eircom email server is refusing the message because it's looking it up on the Spamhaus blocklist.

As for the second issue it may be worth checking the SMTP port - some providers (Google, Hotmail, Yahoo) have started using secure connections for SMTP which requires a different outgoing port. It would be worth checking this with Yahoo themselves - this page may help http://email.about.com/od/accessingyahoomail/f/Yahoo_Mail_SMTP_Settings.htm.

Also be aware that I believe some email providers have started blocking ISP's from certain parts of the world due to abuse/hacking attempts on accounts. If your settings are correct you may still not be able to connect correctly because of this.
0
 

Author Comment

by:Michael Murphy
ID: 39731345
I changed my password for my Yahoo account. I also changed the outgoing port as indicated in the link you gave me. However these made no difference. I am the error message as follows:

The message could not be sent because the server rejected the sender's e-mail address. The sender's e-mail address was 'E………@yahoo.ie'. Subject 'test test', Account: 'pop.mail.yahoo.com', Server: 'smtp.mail.yahoo.com', Protocol: SMTP, Server Response: '530 5.7.1 Authentication required', Port: 25, Secure(SSL): No, Server Error: 530, Error Number: 0x800CCC78

I have tried to contact Yahoo, but it is a nightmare to attempt this. I can find no email link for support from Yahoo. Even the 'quick link' advice they give under 'suggestions' takes me nowhere. The whole object of their customer care support seems to be to stop a user from accessing any direct support.

I am accessing my Yahoo account now only through the Yahoo Website. I have sent emails - they appear in the sent box - but I have no definite way of finding out whether they actually arrive. I am going to test this now by sending from Yahoo to my other accounts.
0
 

Author Comment

by:Michael Murphy
ID: 39731473
It seems that two of the accounts work using Outlook Express. Two other accounts (I have four) will not work, but they do work from the websites of the providers.  I am going to leave it at that, since I have a way of sending emails and receiving them now.

One final query: sending an email from the Yahoo Mail website to a recipient in England, it bounced back with the message as follows:  Can you interpret?

"A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  eg13@.....ac.uk
    SMTP error from remote mail server after end of data:
    host mr5.it…...ac.uk [212.219…..56]: 550 Spam score too high (8.6)"
0
 

Author Closing Comment

by:Michael Murphy
ID: 39734835
The problem is not solved. However I have managed to work around it. I see what happens when i obtain a different server in Ireland. I appreciate the good advice given above and that is why I am awarding marks
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques.
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
This Micro Tutorial will demonstrate the easy use of Gmail embedding images in your email so the recipient of your email can view them in context.
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question