Can't send emails from ONE of the computers on the network(it's not a firewall issue)
 

Hi there,
Some time ago, I caught a light spyware infection on my laptop, but got rid of it pretty easily. One day after that, I noticed, that I can't send emails via smtp.

At that time, I was still connected via WIRED connection to my virgin cable modem, because Virgin Media forgot to send me the router. Now I have it, and got 3 comps on home network. Two of them, can send emails easily - apart from this one laptop.
I tried to disable firewall, doesn't help. Smtp server settings are correct, and it applies for TWO different accounts (none of them can send mail outside).

My desktop computer does that without problems, via the same email providers. How strange !

I'd appreciate any hints/suggestions.

thanks

Przemek

Re: Can't send emails from ONE of the computers on the network(it's not a firewall is
 

Your infection might have beenrather more serious. It had done its job before dying. You've not told us what spyware it was and how you disabled it.

So, on the info you've provided (i.e. no details of what happens when you try to send mail, POP3, HTTP - messages, etc.) you most likely need to do a deep virus clean on your PC. Anything could have been tainted and stuff might still be lurking.

Re: Can't send emails from ONE of the computers on the network(it's not a firewall is
 

without more info on your settings and mail client it is difficult to tell!

you could try uninstalling the mail client and re-installing setting up the mailboxes from scratch.

Re: Can't send emails from ONE of the computers on the network(it's not a firewall is
 

Jawar, SMTP is a text based protocol so it's dead easy to test with Telnet (if you're on Vista you may need to install telnet via Programs and Features, Turn Windows Features On or Off, Telnet client). Drop to a command prompt and enter

telnet smtp.ntlworld.com 25

Tell us what error message you get. If you don't get an error then try and send an email to yourself by entering

HELO ntlworld.com<CR>
MAIL FROM:youremailaddress@ntlworld.com<CR>
RCPT TO:youremailaddress@ntlworld.com<CR>
DATA<CR>
test<CR>
.<CR>
<CR>
QUIT<CR>

Obviously don't type <CR>, hit return instead, and you can't use backspace so it's best to copy and paste each line so you don't make a mistake. If you get an error after entering one of those lines (an error will be any response which is not a 250) then let us know what it is.

Re: Can't send emails from ONE of the computers on the network(it's not a firewall is
 

Second that, you should get something, like "Well Hello there" along those lines. However, when sending via Outlook, what error message if any are you getting? I assume you haev checked all your crudentials?

Re: Can't send emails from ONE of the computers on the network(it's not a firewall is
 

Hello everyone,

Thanks for prompt responses!

after typing telnet smtp.mbhost.pl 25 (this is my main email provider, but the same happens with others) , i get :

220 mbhost.pl ESMTP Exim 4.69 Fri, 09 Oct 2009 08:48:25 +0200
HELO mbhost.pl <CR>
250 mbhost.pl Hello xx-xxx-xx-x.cable.ubr11.dals.blueyonder.co.uk [xx.xxx.xx.x]
MAIL FROM:jawor@xxxxxxxx.xx
500 unrecognized command

(where xxx is my private ip and domain - irrelevant here i hope)
I think I should type login and password here, shouldn't i ?

Anyway, when trying to send emails from Outlook (but also Thunderbird) I get

Your server has unexpectedly terminated the connection. Possible causes for this include server problems, network problems, or a long period of inactivity. Account: 'pop.wp.pl', Server: 'smtp.wp.pl', Protocol: SMTP, Port: 25, Secure(SSL): No, Error Number: 0x800CCC0F

this also happens when I disable my firewall (ESET Smart Security). I will try to clean it with anti-malware scanner later today, but I thought my antivirus should have done the job already.. maybe I am wrong.

I still have no idea why SMTP doesn't work.. maybe my MAC address is on some sort of 'black list' with those email providers? Maybe this spyware that I had was sending spam from my laptop? Is it possible?

Re: Can't send emails from ONE of the computers on the network(it's not a firewall is
 

Your Mac would be irrelevent in this case, your ip wont be blacklisted either if you can send mail from your other machines.

Setup a gmail account and try sending pop email to them using the client.

Re: Can't send emails from ONE of the computers on the network(it's not a firewall is
 

http://support.microsoft.com/kb/813514

any use?

Re: Can't send emails from ONE of the computers on the network(it's not a firewall is
 

Jawar, the "500 unrecognised command" error will have been because you hit backspace at some point while you were typing that line. It might be worth another try but type really carefully - it works fine when I try using the same server. You need to be trying with smtp.wp.pl though, not with smtp.mbhost.pl because the error you get is specifically when you try to relay through smtp.wp.pl. Use your wp.pl email address as the MAIL FROM: address too, not the one with the domain you have registered with idhost.pl.

The fact that you can connect to smtp.mbhost.pl and talk with it means that you do not have a DNS problem, routing problem, or a firewall problem, which all helps in eliminating causes.

I'd still like to see the result of the telnet test through smtp.wp.pl though.

I think Sir John's Luke's suggested technet article is well worth going through. I've not seen that one before but I've bookmarked it myself for future reference.

Re: Can't send emails from ONE of the computers on the network(it's not a firewall is
 

If you are getting a 500 error, have you got a firewall blocking the outbound SMTP port 25? Have you got Windows Firewall blocking the Outbound SMTP port 25?

I'm still interested to see the telnet response, that will help a few things

cmd >> telnet mbhost.pl
cmd >> telnet 87.98.233.200 25

Should see
Not blacklisted at spamhaus: http://www.spamhaus.org/query/bl?ip=87.98.233.200

However, look at this: http://www.mxtoolbox.com/SuperTool.a...a87.98.233.200

Also, have you tried changing toe incoming and outgoing mailserver to: 87.98.233.200

Re: Can't send emails from ONE of the computers on the network(it's not a firewall is
 

Hello everyone,

Thanks again for helpful responses ! I managed to solve the problem, and it was more trivial than I thought.

First I tried telnet smtp connection, and it worked, so I knew it's not even connectivity issue(!).

220 mbhost.pl ESMTP Exim 4.69 Sat, 10 Oct 2009 22:37:28 +0200
helo mbhost.pl
250 mbhost.pl Hello
Mod Edit: [xx.xxx.xx.x]
mail from:jawor@xxxxxx.xxx
250 OK
rcpt to:xxx@gmail.com
250 Accepted
data
354 Enter message, ending with "." on a line by itself
this is a test email
.
250 OK id=1Mwii0-00069Z-Do

Email was delivered, so there was no problem with the connection!

Then I rescanned the laptop with Malwarebytes Anti-Malware, and removed all hidden spyware and malware. I don't know why my current antivirus program (ESET Smart Security) didn't find them out, but that's a different story.

I attach the log below, it found 9 files and few other traces of spyware, trojan horses etc. I just wonder which one of them was blocking my Outlook's and Thunderbird's SMTP connections.. damn. It was that simple!

Thanks a lot for help!

----------------------

Malwarebytes' Anti-Malware 1.41
Database version: 2938
Windows 5.1.2600 Service Pack 3

10/10/2009 21:09:28
mbam-log-2009-10-10 (21-09-28).txt

Scan type: Quick Scan
Objects scanned: 107008
Time elapsed: 9 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 5
Folders Infected: 1
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\PromoReg (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RList (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\12365154 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\drivers\1ca87dfc.sys (Rootkit.Rustock) -> Delete on reboot.
C:\WINDOWS\temp\wpv261252249250.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\JaworJawor\Local Settings\temp\TMP8292.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\12365154\12365154 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\12365154\pc12365154ins (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\JaworJawor\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wpv431250826839.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wpv521251225613.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wpv751251946612.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Re: Can't send emails from ONE of the computers on the network(it's not a firewall is
 

Re: Can't send emails from ONE of the computers on the network(it's not a firewall is
 

Glad it's sorted!

Re: Can't send emails from ONE of the computers on the network(it's not a firewall is
 

Pleased to have been of service! (Post #2).

Simples.