
Mail malfunctioning. Cannot Send. Suspect Virus. Need Help.

Mail malfunctioning. Suspect virus. Affects my Macbook and Mac Mini, not iOS devices. Mail is received, cannot send. Sending is "blocked". Also, one addressee of a message I sent was renamed by Mail with the name of an unrelated entry in Contacts. I'm running 10.10.3. Many thanks for your help.

Posted on Apr 23, 2015 6:50 AM

46 replies

Apr 23, 2015 1:02 PM in response to Linc Davis

This is what it tells me:

________________________________________________________________

Verify that you have addressed this message correctly. Check your SMTP server settings in Mail preferences and verify any advanced settings with your system administrator.


The server response was: Blocked - see https://support.proofpoint.com/dnsbl-lookup.cgi?ip=66.102.236.138: RTakeyh@cfr.org


Select a different outgoing mail server from the list below or click Try Later to leave the message in your Outbox until it can be sent.


Sending from: Steven

__________________________________________________________________



<Personal Information Edited by Host>

Apr 23, 2015 1:03 PM in response to stevenfromwoodville

You can recheck the Contacts box. Please don't post your own or anyone else's email address on this site. It will expose you to spam, and it makes extra work for the moderators who have to delete it.

Please sign out of iCloud in its preference pane, then sign back in and see whether there's any change. No data will be removed from the servers. That said, you should always have a current archive of the data for safety's sake, even if you don't sign out.

If you use iCloud Keychain, when you sign back in to iCloud follow one of the procedures described in this support article to set it up on an additional device.

Apr 23, 2015 1:39 PM in response to stevenfromwoodville

You are blacklisted (assuming you posted your real IP address).

You can check for yourself at http://cbl.abuseat.org/lookup.cgi and http://www.spamhaus.org/lookup/


If you've been trying to send mass emails or doing some php/python/ruby coding where you send emails, you may have done it to yourself - use the blacklist removal tools and then fix whatever is wrong with your code before you try again.


Or, you may have picked up an IP address from your ISP that was previously used by an infected machine. Turn off your router for a few minutes and then turn it on again; it should pick up a new IP address.


And finally, yes you may be infected with a trojan and now are part of a botnet - someone is using your Mac to send messages.

If so, start here: http://www.thesafemac.com/mmg/ and good luck. You might want to completely erase your hard drive and re-install from a backup that's older than when you suspect you picked up whatever it is. If you want to remove it without re-installation, get yourself a good virus scanner (Intego VirusBarrier seems pretty solid to me) and AdwareMedic.

Apr 23, 2015 1:49 PM in response to Joseph Delaney

I figured this was the case. No I don't send mass emails and have no idea what these coding methodologies are, but I get the point. I've been hacked.

A couple of questions: Does the Intego Virus Barrier prevent new viruses, or could it identify and remove viruses that are already in place and causing the problem to begin with?


And do products like Adware Medic deal just with ad-related malware or other infections like the one that seems to have affected my computer(s)?


Thanks

S

Apr 23, 2015 2:00 PM in response to stevenfromwoodville

You never had a virus. There are none that affect OS X. Someone hacked into your email account at the ISP. Installing any AV software on your Mac will do nothing. AdwareMedic will also do nothing in this case. It finds and removes adware only.


You need to change your email account passwords to something much more secure and difficult to break, something obnoxious that would take literally billions of years to break, like eiILLbHM6R2pWv8F9RcsudQu . Once you've secured your accounts, get yourself off the blacklists.


Just for fun, put the password above into this site and see how long it would take to break.

Apr 23, 2015 2:05 PM in response to Kurt Lang

Guys,

You're the experts and I don't know who's right here. On one hand, it is true that I am blocked from sending messages from my iCloud account. That much we know. Does this signify blacklisting or not? If it does, how do I get un-blacklisted? And how do I get rid of whatever it is that led to my blacklisting -- or my messages being blocked -- to begin with.

We also know now that turning the router off for 10 minutes doesn't solve the problem, since I've just tried that.

We know, in addition, that this does not affect sending messages from my iCloud account on my iOS devices, which seem to be glitch free.

Thanks for chipping away at this problem.

S

Apr 23, 2015 2:08 PM in response to Linc Davis

His IP address most definitely is listed in the CBL and Spamhaus and Proofpoint link that he posted. He is blacklisted.


In any case, even if I'm 100% wrong, it won't hurt to run the AdwareMedic and virus scans (if you don't want to buy one, use ClamXAV) - at worst you'll waste some time but at least you'll know if your system is clean or not.


If you are infected by something, there's a possibility that you have multiple problems so don't worry about what each one will find.


I just went through deleting Trojans from my Mom's Mac, the combination of Intego and AdwareMedic was very helpful. Intego will work to both prevent new infections and to remove existing ones.


Check your system preferences, make sure that under "Security and Privacy" you do not have "Allow apps" set to "anywhere". That can be annoying at times, but if you really need to bypass it for an app you downloaded you can right-click to open it (instead of double-clicking).

Apr 23, 2015 2:11 PM in response to stevenfromwoodville

Does this signify blacklisting or not?

No, it does not, as you can verify for yourself by clicking the link in the reject message from the mail server. The message was rejected because you sent invalid data, or at least data that the receiving server didn't understand, in the header.

And how do I get rid of whatever it is that led to my blacklisting -- or my messages being blocked -- to begin with.

Possibly you are triggering a bug in iCloud. If signing out and signing back in doesn't clear it, then you'll have to contact iCloud Support for a resolution. DO NOT install any kind of "anti-virus" software, as all such software is worse than useless.

Apr 23, 2015 2:15 PM in response to Joseph Delaney

Actually there's a simple test you can do to see if you're truly blacklisted (everything I've said is based on the assumption that you posted your IP address, which might not be true).


Go to Google and type in "what is my IP address" then take the number that Google gives you and paste into the Spamhaus link I gave you. If Spamhaus says you are blacklisted, then you are blacklisted. They provide the tools or links to remove yourself, but this doesn't happen randomly - there's a reason for it, and you need to identify the underlying cause.


If you have a trojan (not a virus - Kurt is correct. This would have to be something you or a family member inflicted on yourself by downloading and installing bad software - a "virus" is self-spreading) and don't remove it, the problem could start all over again in a few days or weeks, even if you get a new IP address or remove your current IP from the blacklist.
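The check described in the post above (take the address named in the rejection, compare it with your own public address, then look it up on a blocklist), written out as an added example that is not part of the thread. The function names are hypothetical, the zone `zen.spamhaus.org` and its return codes are an assumption about which list is queried, and the sample rejection line is constructed with a documentation address.

```python
import ipaddress
import re

# Return codes of the combined Spamhaus zone (assumption: zen.spamhaus.org is used).
ZEN_CODES = {
    "127.0.0.2": "SBL", "127.0.0.3": "SBL CSS",
    "127.0.0.4": "XBL (exploited or infected host; includes CBL data)",
    "127.0.0.9": "DROP", "127.0.0.10": "PBL", "127.0.0.11": "PBL",
}

def ip_from_rejection(text):
    """Pull the IPv4 address the receiving server named in its 'Blocked' response."""
    m = re.search(r"[?&]ip=(\d{1,3}(?:\.\d{1,3}){3})", text)
    if not m:
        return None
    try:
        return ipaddress.IPv4Address(m.group(1))
    except ipaddress.AddressValueError:  # e.g. an octet above 255
        return None

def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """DNSBL convention: reverse the octets and append the list's zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def interpret(answers):
    """Map A-record answers to listings. 127.255.255.x signals a query error
    (for instance a lookup sent through a public resolver), not a listing."""
    if any(a.startswith("127.255.255.") for a in answers):
        return "query refused; result unusable"
    hits = [ZEN_CODES.get(a, "unknown code " + a) for a in answers]
    return "listed: " + ", ".join(hits) if hits else "not listed"

def triage(rejection, my_public_ip):
    """Return the DNSBL name to resolve and whether the blocked IP is your own."""
    blocked = ip_from_rejection(rejection)
    if blocked is None:
        return None, "no IP found in rejection"
    mine = ipaddress.IPv4Address(my_public_ip)
    owner = "your network" if blocked == mine else "a different host than your network"
    return dnsbl_name(blocked), owner

# Constructed sample: documentation address, not the one posted in the thread.
SAMPLE = ("The server response was: Blocked - see "
          "https://support.proofpoint.com/dnsbl-lookup.cgi?ip=203.0.113.7: user@example.org")

if __name__ == "__main__":
    print(triage(SAMPLE, "198.51.100.9"))
    print(interpret(["127.0.0.4"]))
```

Resolve the returned name with any DNS client through your ISP's resolver; an NXDOMAIN answer corresponds to an empty answer list here.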

Apr 23, 2015 2:21 PM in response to Linc Davis

Linc Davis wrote:


Does this signify blacklisting or not?

No, it does not, as you can verify for yourself by clicking the link in the reject message from the mail server. The message was rejected because you sent invalid data, or at least data that the receiving server didn't understand, in the header.



From the CBL site (using the IP address posted earlier)


IP Address xxx.xxx.xxx.xxx is listed in the CBL. It appears to be infected with a spam sending trojan, proxy or some other form of botnet.

It was last detected at 2015-04-20 22:00 GMT (+/- 30 minutes), approximately 2 days, 23 hours, 29 minutes ago.


This IP is infected (or NATting for a computer that is infected) with a spambot we have not yet been able to identify. For the time being we refer to it as the unknown2250 spambot.

This IP is infected (or NATting for a computer that is infected) with a spam-sending infection. In other words, it's participating in a botnet. If you simply remove the listing without ensuring that the infection is removed (or the NAT secured), it will probably relist again.
