Customer can recieve mail but not send

[Galdorf]

turned off firewall
turned off AV
telnet test smtp port 25 on customers machine cannot connect to their providers smtp
telnet test of personal machine smtp port 25 can connect to customers smtp
telnet test smtp port 25 customer machine on my isp smtp can connect
did their provider block their mac address to prevent sending spam?
did find all kinds of malware that could send spam.

 

[nlinecomputers]

Simple to test that theory. Change the mac address. Though I doubt the Mac could be seen outside of your local network,

 

[FremontPC]

Router/Gateway firewall issue? I'm assuming it was the Windows firewall you turned off. Those are the only devices in line that might know about a particular MAC, AFAIK.

 

[gadgetfixup]

You guys can still use port 25 for smtp? All our ISPs blocked port 25 years ago. We had to change to port 587 for smtp. I'd double check with your ISP that they didn't disable SMTP on port 25. Because you can ping it doesn't mean it there is a server on the other end that can authenticate a login.

 

[TAPtech]

Almost every ISP I deal with actively blocks port 25 by default, unless you have a static IP and request that it is not blocked.

 

[FremontPC]

He was able to get through on that port from his personal system going to the customer's ISP, but yeah... port 25, not too reliable anymore. Don't know if he was on site at the time, using the customer's internet connection.

Maybe drop a sniffer on the customer's system?

 

[Galdorf]

You guys can still use port 25 for smtp? All our ISPs blocked port 25 years ago. We had to change to port 587 for smtp. I'd double check with your ISP that they didn't disable SMTP on port 25. Because you can ping it doesn't mean it there is a server on the other end that can authenticate a login.

Tried port 587 no connection their either on customers machine but on my personal machine it shows it is there using telnet on same network.

 

[TAPtech]

Is the email account in question provided by the ISP?

 

[FremontPC]

Go with a Live CD, set up T-bird to leave a copy on the server. That should tell you whether it's Windows or not. If T-bird gets through, then it might be best to go with a fresh Windows install to get rid of unseen/unknown damage caused by the malware.

 

[nlinecomputers]

Sounds like you've still got damage on that Windows system. Windows Tweaking AIO might clean it up. But a Nuke and Pave may be quicker.

 

[Galdorf]

Is the email account in question provided by the ISP?

yes
telnet on customers system smtp on ports 25 and 587 blocked on his email provider
telnet on my smtp server and my isp smtp goes through no problem on customers system
really odd it is as if the isp is somehow blocking smtp by his machine.

 

[nlinecomputers]

Have to called the ISP and found out of they put a hold on his account? If his system was a spam bot logged in and using their SMTP server then yes the firewall on the ISP's SMTP server may have blocked the ip or the account.

 

[Markverhyden]

Does webmail work?

 

[FremontPC]

the ISP's SMTP server may have blocked the ip or the account.

Galdorf checked from the customer's site and was able to connect with his personal laptop (this assumes he used his customer's credentials). Same IP, same account, different machine.

 

[nlinecomputers]

Galdorf checked from the customer's site and was able to connect with his personal laptop (this assumes he used his customer's credentials). Same IP, same account, different machine.

I'm not certain on any of that. Even the Checked from his location. He only said that he checked with his machine to his clients ISP' SMTP server. Was that done on client site or from his office? The ISP should NOT be able to see his machines mac address unless he is not doing NAT routing and is unfirewalled exposed from a static IP to the ISP. But I haven't heard if there is a router and how is it setup nor has he reported my suggestion of changing the mac address.

There is only a limited number of things that can be causing an issue. A program blocking access on the PC. Even a turn off AV program might still be functional enough to mess this up. A client side edge device blocking access. The ISP is blocking access.

 

[YeOldeStonecat]

I'm thinking along the lines of what nline is saying also.

First...can check account lock by checking the account via web mail, like Mark mentioned. If you can send from the webmail interface, chances are the account doesn't have a lot....and you could read if the ISP send the account some warning about something.

Even though port 25 is becoming less popular, those ISPs that still use it often only allow SMTP on port 25 within their own bandwidth...that is, you have to be on THEIR bandwidth. They don't allow access to their port 25 SMTP servers from outside their bandwidth (like if you're another ISP).

So is this clients PC being tested on the ISPs bandwidth?

Check the Help/FAQ section of the ISP to see if they've changed their SMTP settings...and gone new a newer SSL, port 587, etc.

Did this clients computer have one of those antivirus products that does POP/SMTP scanning? Some shove in an SMTP proxy...and even if you uninstall the AV product...the settings can still be in the mail client.

 

[Galdorf]

I talked to his isp he was blocked by firewall on their end he was sending spam email at high rates once i cleaned his machine and tested to make sure it was clean they removed the block and now all is working.
Odd thing though they did not send him a notice.

 

[nlinecomputers]

Their firewall did it automatically. No one human probably knew about it. My firewalls stop inbound spam all the time they don't attempt even if they could to email anyone about it.