Malware prevents sending email


BadBoyBill


Starting two days ago, when I tried to send an email, I received a "Message could not be sent" message. The message said there was a problem with my SMTP server, that it had been blocked by this "reputation site", and included a URL that I should visit for "remediation". I do not know whether the remediation site is legit or a threat. Repeated whole-machine scans by Malwarebytes Premium have not uncovered anything. I don't know if I am allowed to mention the company name here, but the entire message is included in the attached zip file.

Cloudy msg.zip

Should have mentioned that my email client is Mozilla Thunderbird, my email is handled by cox.net, and I have confirmed with Cox that my SMTP is set up correctly.


I have moved your post to General Chat, as this was not a submission of a malicious or suspicious MS Windows file.

I am not sure what issue you are having. The referenced IP address is on Comcast but showed an error associated with a Charter site, p-impout007.msg.pkvw.co.charter.net. I have censored the Comcast IP address in the following.

Sending of the message failed.
An error occurred while sending mail: Outgoing server (SMTP) error. 
The server responded:  p-impout007.msg.pkvw.co.charter.net cmsmtp <censored IP> is listed on Cloudmark CSI-Global. 
Please visit csi.cloudmark.com/en/reset?ip=<censored IP> AUP#Out-1200.

It appears the Comcast IP is in multiple block lists. One I reviewed, https://www.ipqualityscore.com, showed "99 - High Risk".

I suggest you contact Comcast to discuss this censored IP address.
You may want to get assigned a new IP. It may also be possible that a system or device on this IP (presuming they are on a LAN address behind a Comcast router) is a problem, such as having malware or a bot, and may need remediation.

Edited by David H. Lipman

Thank you, David. I noticed the references to Comcast and Charter in the error message, but not being an IT guy, I wasn't sure why they would be involved, since my SMTP provider is Cox. I'm still not sure why they are involved, and in fact that is what made me fear the message was a phishing attempt, since the "remediation form" asks for a lot of info. However, bottom line, I think you have assured me that Cloudmark is not malware, so I will proceed with an attempt to fix the issue.

Bill 


Comcast is the IP in question shown in the excerpt.

Compare that IP with what you get when you check what your WAN IP is: https://ipinfo.io/json

As for Charter and Cox, I don't know. But as an example, I am on Verizon and have a Verizon.Net email address. Verizon bought AOL and Yahoo email assets but then sold them off to Oath Holdings. So even though I have a Verizon email address, I access it on Webmail via AOL, and the email headers show SMTP and IMAP are on the Yahoo infrastructure.

Doing a little research I found: Cox and Charter Team to Provide Telecommunications Links for Business Customers

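The diagnostic described in this reply (take the IP named in the SMTP rejection and compare it with the WAN address that https://ipinfo.io/json reports for your connection) can be scripted. The following is an added example and not code from the thread or from Malwarebytes; the rejection text mirrors the quoted error, but the addresses are RFC 5737 documentation placeholders standing in for the censored Comcast IP, and the ipinfo response is a constructed sample with the same fields the site returns (no network call is made). The DNS-blocklist helper builds the conventional reversed-octet query name; the zone name passed to it is a placeholder.

```python
"""Parse a Thunderbird "Outgoing server (SMTP) error" rejection, extract the
IP the receiving server says is listed, and compare it with the WAN address
reported by https://ipinfo.io/json (sample response constructed inline)."""
import ipaddress
import json
import re

# Constructed sample of the rejection quoted in the thread; 203.0.113.45 is a
# documentation-range placeholder for the censored Comcast address.
SMTP_ERROR = (
    "An error occurred while sending mail: Outgoing server (SMTP) error.\n"
    "The server responded:  p-impout007.msg.pkvw.co.charter.net cmsmtp "
    "203.0.113.45 is listed on Cloudmark CSI-Global.\n"
    "Please visit csi.cloudmark.com/en/reset?ip=203.0.113.45 AUP#Out-1200."
)

# Constructed sample of an ipinfo.io/json reply (fields trimmed, values invented).
IPINFO_JSON = json.dumps({
    "ip": "203.0.113.45",
    "hostname": "example-busname-colorado.hfc.comcastbusiness.net",
    "city": "Denver",
    "org": "AS7922 Comcast Cable Communications, LLC",
})

# "<ip> is listed on <list name>" as produced by the receiving MTA.
LISTED_RE = re.compile(
    r"(?P<ip>\b(?:\d{1,3}\.){3}\d{1,3}\b) is listed on (?P<list>[^.\n]+)"
)
# The IP embedded in the delisting URL; should agree with the one above.
RESET_RE = re.compile(r"reset\?ip=(?P<ip>(?:\d{1,3}\.){3}\d{1,3})")


def parse_rejection(text):
    """Return {'ip', 'blocklist', 'reset_ip'} from the server reply, or None
    if the text is not a blocklist rejection."""
    m = LISTED_RE.search(text)
    if not m:
        return None
    try:
        ip = str(ipaddress.ip_address(m.group("ip")))  # reject malformed octets
    except ValueError:
        return None
    r = RESET_RE.search(text)
    return {
        "ip": ip,
        "blocklist": m.group("list").strip(),
        "reset_ip": r.group("ip") if r else None,
    }


def wan_ip_from_ipinfo(payload):
    """The 'ip' field of an ipinfo.io/json response body (string)."""
    return json.loads(payload)["ip"]


def diagnose(smtp_text, ipinfo_payload):
    """Classify the situation:
    'shared_egress_listed' - the listed IP is the address our traffic leaves
        from, so the listing is about the shared NAT/hotspot, not this machine;
    'other_ip_listed'      - the listing names a different address (e.g. a relay);
    'unparsed'             - the reply is not a blocklist rejection."""
    info = parse_rejection(smtp_text)
    if info is None:
        return "unparsed", None
    if info["ip"] == wan_ip_from_ipinfo(ipinfo_payload):
        return "shared_egress_listed", info
    return "other_ip_listed", info


def dnsbl_query_name(ip, zone):
    """Name to resolve when checking a DNS blocklist: IPv4 octets reversed
    under the list's zone (e.g. 45.113.0.203.<zone>). Resolving it is left
    to the caller; an NXDOMAIN answer means 'not listed' for most lists."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


if __name__ == "__main__":
    verdict, info = diagnose(SMTP_ERROR, IPINFO_JSON)
    print(verdict, info)
    if info:
        print("DNSBL check name:", dnsbl_query_name(info["ip"], "dnsbl.example.invalid"))
```

The `shared_egress_listed` verdict is the case in this thread: the address in the rejection is the WAN address of the whole hotspot, so remediation belongs to whoever owns that connection, and a clean scan of one client machine is consistent with the listing.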

Again, thank you David. The .../json link you suggested brings up the same IP as was included in the "Message cannot be sent" message. In the response to that query, the org shows as "Comcast Cable Communications, LLC" and the hostname as "...busname-colorado.hfc.comcastbusiness.net" in Denver.

FWIW, I am currently located in a campground in Golden, Colorado, and using their campground wifi. I will be here for several more days. The name of the campground, presumably the owner of the Comcast account, is not mentioned in the error message or the .../json link.

To address the problem, I don't know whether to approach the campground staff (a guaranteed loser, I'm sure), or Comcast, or my home ISP Cox, or Cloudmark. I suppose the ultimate solution is simply to wait until I leave the campground, and hope that the problem no longer exists when I connect to a wifi signal in a new location.

Bill


It is obvious then that the campground Internet access is being abused. They are sharing the Internet access via WiFi, which may or may not violate the Comcast Terms of Service and Authorized Use Policy (ToS/AUP). You may wish to contact Comcast directly on this issue.

There is nothing else you can do about that, but I would suggest you do NOT use that WiFi, and it is possible that it may be compromised. Basically, it is out of your control.

For future travels, I would suggest obtaining a MiFi device. This is a device that accesses cellular broadband 3G, 4G or 5G networks. It then provides a limited number of WiFi nodes that can share that one broadband 3G, 4G or 5G Internet IP and bypasses the need to use campground, hotel/motel, cafe or other public or semi-public WiFi hotspots.

An alternative is VPN but at the same time you have to have a strong TRUST with a VPN provider because that VPN provider can see all your Internet activity.  There are unscrupulous VPN providers.

Understanding these situations and issues, Malwarebytes offers a service called "Malwarebytes Privacy" which is their VPN service.

EDIT:

I wrote "...may or may not violate the Comcast Terms of Service and Authorized Use Policy (ToS/AUP)."

You did note that this IP is associated with comcastbusiness.net.
If the Campground does have a Business Account on Comcast, sharing the IP may not be a violation.

Edited by David H. Lipman

Once again, thanks, Dave. You have unraveled the situation to the point that I now understand what is happening. Your mention of the mi-fi device triggered the solution that I would have used in the beginning, if I understood the issue. My wife's iPhone has a Personal Hotspot capability. I switched it on, logged in, and BANG! I'm back in business.

Malwarebytes has saved my butt. I was originally thinking that if the issue was malware, you would know the answer. I was wrong about malware, but you followed through, and I am grateful. Issue closed, thanks to you and Malwarebytes.

Bill
