
Mail malfunctioning. Cannot Send. Suspect Virus. Need Help.

Mail malfunctioning. Suspect virus. Affects my Macbook and Mac Mini, not iOS devices. Mail is received, cannot send. Sending is "blocked". Also, one addressee of a message I sent was renamed by Mail with the name of an unrelated entry in Contacts. I'm running 10.10.3. Many thanks for your help.

Posted on Apr 23, 2015 6:50 AM


Apr 23, 2015 4:25 PM in response to Linc Davis

Linc has a good point; 99% of the time that people say "my computer isn't working right, I think I have a virus" that couldn't be further from the truth. Applying Occam's razor, you don't have a virus, or a trojan, or malware.


But the thing that sticks with me is that spamhaus says you're blacklisted, and that's far from typical. It doesn't necessarily mean that you have a trojan or malware, but it's a solid indicator that the problem is not in the usual 99%.

I would love to be proved useless. Run the scans, post the result in the morning.

But one more thing - are you using Tor or an "anonymizer" - anything that would mask your true IP address (with obvious implications about being blacklisted, I think - though this is an even more useless question)?
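
Added example, not part of the original thread: a Spamhaus-style listing like the one mentioned above can be checked over DNS by reversing the address and querying it under the blocklist zone. The function names and the injected `resolve` callback are assumptions made for this sketch, and the DNS answers in the demo are constructed so it runs offline.

```python
import ipaddress
import socket

# Return codes documented by Spamhaus for the combined "zen" zone.
ZEN_CODES = {
    "127.0.0.2": "SBL (known spam source)",
    "127.0.0.3": "SBL CSS (low-reputation sender)",
    "127.0.0.4": "XBL (exploited or infected host)",
    "127.0.0.10": "PBL (end-user range, listed by ISP)",
    "127.0.0.11": "PBL (end-user range, listed by Spamhaus)",
}
# 127.255.255.x answers are errors, not listings.
ZEN_ERRORS = {
    "127.255.255.252": "typo in DNSBL zone name",
    "127.255.255.254": "query came through a public/open resolver",
    "127.255.255.255": "excessive number of queries",
}

def dnsbl_query_name(ip, zone="zen.spamhaus.org"):
    """Reverse the octets (IPv4) or nibbles (IPv6) and append the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def system_resolver(name):
    """A records for name; an empty list means NXDOMAIN, i.e. not listed."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise  # a timeout must not be reported as "clean"

def check_listing(ip, resolve=system_resolver):
    answers = resolve(dnsbl_query_name(ip))
    errors = [ZEN_ERRORS.get(a, a) for a in answers if a.startswith("127.255.255.")]
    if errors:
        return {"status": "error", "detail": errors}
    hits = [ZEN_CODES.get(a, "listed (" + a + ")") for a in answers]
    return {"status": "listed" if hits else "clean", "detail": hits}

if __name__ == "__main__":
    # Constructed answers stand in for live DNS so this runs offline.
    ip = "66.102.236.138"  # the address quoted in the thread
    print(dnsbl_query_name(ip))
    print(check_listing(ip, resolve=lambda name: ["127.0.0.4"]))
    print(check_listing(ip, resolve=lambda name: ["127.255.255.254"]))
```

An "error" result, typical when the query goes through a large public resolver, says nothing about whether the address is listed; repeat the check through the ISP's or a local resolver.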

Apr 23, 2015 4:44 PM in response to Linc Davis

Linc Davis wrote:


You're seeing this site at its most useless.

That's an odd statement. There is a general consensus that steven's IP has been blacklisted. Just clicking the link provided in the e-mail response returns:


This IP Address is currently being blocked: 66.102.236.138


IP Lookup Information
IP Address 66.102.236.138
Reverse Lookup We cannot identify the domain this IP belongs to.
You may need to update your DNS records.
Earliest Seen as Spam 04/20/2015 21:40:24 GMT
Most Recently Seen as Spam 04/20/2015 22:08:46 GMT
# of Spam Msgs Collected 5
Query Time 04/23/2015 23:33:58 GMT

How much more obvious can it get? And this is an example of ASC at its most useless? (Must restrain self from further commentary...)


Anyway. This is old news. This has been happening for years. Here is a link from 2013: Proofpoint blocking email. Here is another, 3rd party confirmation from 2013: https://support.runbox.com/index.php?/News/NewsItem/View/68/resolved-emails-being-rejected-by-proofpoint.


This kind of thing happens on a regular basis. With a gazillion e-mail clients and servers in the world, most of them sending spam and/or infected with viruses, we are just lucky it doesn't happen more often. Contact both ProofPoint and your ISP (Fiberlight maybe?) to try to get off the blacklist. You might even try shutting off your ISP modem for half an hour or so. Maybe that will give you a new public IP address that isn't being blocked.

Apr 24, 2015 4:54 AM in response to etresoft

Gents,

It's been useless in that there really hasn't been a specific solution to the problem. Per one suggestion, I requested to be unblocked and that was supposed to happen within a couple of hours, but did not. And it's been useless in that two experts haven't been able to agree on whether I have even been blocked -- despite what the Apple Mail "can't send to iCloud server" warning says -- or whether I have actually been infected or whether, if I have been, how specifically to be rid of the infection.

If it's any consolation, Apple iCloud help made the problem worse in that the existing problem persists but now, in addition, Mail won't even select an SMTP server, iCloud or otherwise, when I hit "send" from my dot Mac address. That tech adviser has now been removed from this issue, after telling me I shouldn't ask "why" because if he knew he'd be a software engineer, and the issue has now been handed off to a senior adviser who took all the information, said she'd never seen anything like it before and would get back to me today.

In the meantime, if you guys come to a consensus, or other readers who have experienced this have a specific solution, I am eager to hear whatever you've all got!

Many thanks for taking so much time on this.

Best

S

Apr 24, 2015 5:09 AM in response to stevenfromwoodville

stevenfromwoodville wrote:


I don't send mass emails and have no idea what these coding methodologies are, but I get the point. I've been hacked.


Not necessarily. This definitely isn't malware, unless you're the first ever to encounter it. There's no known Mac malware capable of infecting a Mac running Yosemite. However, it also shouldn't be a remote hack of your iCloud account, since someone sending e-mails from your iCloud account remotely would be using a different IP address. Plus, you say you can send just fine from iCloud's web site.


There's no doubt, though, that the IP address shown in that e-mail explaining that your message was blocked has been blacklisted for sending spam. I'm assuming that that is your IP address, but just to make sure, go to whatismyipaddress.com and check. Is the address reported there the same (ie, 66.102.236.138)?


If so, the best explanation I can come up with is that someone else was using that IP address with an infected Windows PC, and that resulted in the IP address getting blacklisted. However, most internet service providers (ISPs) will give dynamic IP addresses, meaning that they change. At some point, the IP address your cable/DSL modem was using changed, and you got lucky enough to get the bad IP address. Alternately, it's possible that someone with an infected Windows machine was actually connected to your network, using that IP address.


There's a simple test you can do to see if this is the problem. Take your MacBook Pro to a different network, such as a friend's or relative's house, a local public library, a coffee shop with free wifi, etc. Try sending an e-mail message from iCloud using Mail while on that network. If it works, and then fails again when you go back home, this is definitely the problem.


If you can verify this, contact your ISP. They can give your modem a new address, and can more effectively intercede with Proofpoint to ensure the blacklisting on that IP address is cleared. The latter is definitely important, as otherwise some other unlucky person on your ISP's network will end up with that IP address and be frustrated by similar problems.


If the problem continues while you're connected to a different network, let us know.


BTW, I know that responses here have confused you, and I'd advise that you ignore Linc for the moment. His "everyone here is an idiot but me" routine is not helping.


Does the Intego Virus Barrier prevent new viruses, or could it identify and remove viruses that are already in place and causing the problem to begin with?


The problem you're having is definitely not related to any known virus or malware on your computer. So VirusBarrier will not help with that, and may cause you other problems. It's best not to muddy the waters.


And do products like Adware Medic deal just with ad-related malware or other infections like the one that seems to have affected my computer(s)?


AdwareMedic is definitely not a solution to this problem. It only detects and removes adware, and this isn't a problem that would be caused by adware.

Apr 24, 2015 5:22 AM in response to thomas_r.

Thanks. I'll certainly be trying this on another network and double-checking that IP address.

But in the category of "yet another thing I should have mentioned," my wife's Mac, which is on the same network, seems not to be having this problem. And, as I did mention, my iOS devices (iPhone and iPad) can send mail from my iCloud account.

What do these facts mean with respect to the blocked IP address explanation for the problem?

Best

S

Apr 24, 2015 5:39 AM in response to stevenfromwoodville

stevenfromwoodville wrote:


in the category of "yet another thing I should have mentioned," my wife's Mac, which is on the same network, seems not to be having this problem. And, as I did mention, my iOS devices (iPhone and iPad) can send mail from my iCloud account.

What do these facts mean with respect to the blocked IP address explanation for the problem?


That's a good question. Run that IP address test on all those devices, both the affected ones and those that aren't affected. If the IP address on all of them is the same, then that shoots down my theory. If the IP address on the affected machines is different, that means there's something different about the way they're connecting to the network. If the affected Macs are using any kind of VPN (virtual private network) or an anonymizer (such as Tor), and the others are not, that could explain the issue as well.

Apr 24, 2015 5:49 AM in response to thomas_r.

Thomas is making sense, listen to Thomas.


I reread what I posted, and I think I should clarify - I meant to say that there are three possibilities that I could think of, from most likely to least likely:


1. You are a computer programming student, and wrote bad code that got you blacklisted (but you ruled that out)


2. You randomly picked up an IP address that was already blocked (this is what Thomas is suggesting). Shutting down your router often will get you a new IP address, but you have to wait long enough before you turn it on again, and it's impossible to know how long is long enough. So calling your ISP as Thomas said is a great alternative, so is trying from some other location (as long as iCloud support didn't mess up your settings too much).


3. The least likely possibility - after you rule out the other two - is that you have some sort of malware and are part of a botnet. So the last resort - and I should have stressed this is a last resort - is to scan for malware or erase and restore from a backup. But here I disagree with Thomas, a little - I think it might be a waste of time to run a scan but otherwise mostly harmless. ClamXAV is free, and the version that you get from the App Store won't cause the problems that antivirus software may cause (it has no active or "live" blocking - it quits when you tell it to). And I've had very positive experience with Virus Barrier.


My apologies if I misled you. I should have been more clear from the start, and then I got a little bent out of shape by the way the conversation turned and I lost sight of your real problem, which is the blacklisting.


It can be tough to get yourself off the blacklists, so getting a new IP address is the way to go.

Apr 24, 2015 5:55 AM in response to Joseph Delaney

Update.


-- My iPhone has a different IP address than my affected computers

-- HOWEVER, my wife's Macs have the same IP address I do and they are not affected.

-- We use Cloak VPN, but while this has been going on Cloak has been on, but not "securing" our comms because we're on a "trusted" network. I'm actually not sure why this would be a factor. My iPhone is running Cloak.


Thoughts?

S

Apr 24, 2015 6:08 AM in response to stevenfromwoodville

Further Update


-- As reported above, my wife's computer is fine when using the IP address that is blacklisted when I use it.

-- I just activated Cloak, the VPN, on my computers and Apple Mail now works using my iCloud account because the VPN changes the IP address from one beginning with 66 to another beginning with a 3 digit number.

-- My phone and iPad were working all along because the VPN had been enabled on both devices.


So what we now know is that the problem is related to an IP address but only on two specific computers using that address, but not on all the computers using that address.


Thoughts?


Thanks

S

Apr 24, 2015 6:13 AM in response to stevenfromwoodville

stevenfromwoodville wrote:


So what we now know is that the problem is related to an IP address but only on two specific computers using that address, but not on all the computers using that address.




That one has me stumped.


My only guess is that maybe the Mail settings are slightly different on each of the computers. Maybe your wife's computer is using a login method that bypasses the blacklist check, but you're using a different login method (maybe older - have you had your account longer than her?). This is a shot in the dark, but compare your account settings.

Apr 24, 2015 6:36 AM in response to stevenfromwoodville

stevenfromwoodville wrote:


-- As reported above, my wife's computer is fine when using the IP address that is blacklisted when I use it.

-- I just activated Cloak, the VPN, on my computers and Apple Mail now works using my iCloud account because the VPN changes the IP address from one beginning with 66 to another beginning with a 3 digit number.

-- My phone and iPad were working all along because the VPN had been enabled on both devices.


So what we now know is that the problem is related to an IP address but only on two specific computers using that address, but not on all the computers using that address.

As Joseph suggested, your wife's machine is probably using a different server. The server in question is the SMTP server and for iCloud, Apple conveniently keeps that hidden. Considering the size of Apple's iCloud e-mail server, there are certainly many SMTP servers being used. They are all in various states of disrepair. Your best bet is to contact your ISP and tell them that your IP address has been blacklisted. Tell them about your VPN fix. They will fix it, but it will take some time.


Using the VPN was an excellent idea. I have a similar problem with Apple's services. For the past month, some of Apple's updates have been downloading at glacial speeds. I have a US VPN so my wife can watch TV shows (in Canada) from the US that are embargoed. As you know, a VPN is going to slow down your connection somewhat. But when I turn on my US VPN, my Apple software update speeds jump 50 fold easily. Downloading 10.10.3 went from hours to 5 minutes. Given how many servers of all kinds that Apple has, the kinds of problems that both you and I experience are pretty normal. There is always a tiny percentage of people who are unlucky enough to be on a bad Apple server or router. With the size of Apple, that tiny percentage could be 2 million people.


Unfortunately, you've seen the same effect right here on Apple Support Communities. It doesn't mean there wasn't a consensus, it just means you were unlucky enough to attract the attention of one person who is experiencing some "issues" right now.

Apr 24, 2015 7:30 AM in response to stevenfromwoodville

stevenfromwoodville wrote:


So what we now know is that the problem is related to an IP address but only on two specific computers using that address, but not on all the computers using that address.


That's an odd one. I am making the assumption that your wife's Mac is able to send via her iCloud account through Mail, despite being on the affected IP address? If she's sending through a different e-mail account, that may not be affected. If it is an iCloud account, it may be that etresoft is correct and her computer is, by chance, connecting to a different iCloud server. Or there may be some other factor involved that we haven't identified yet.


In any case, it sounds like you're on track to fix the IP address issue.
