[SOLVED] CenturyLink Email Issue

wfc4life

Client is having problems receiving and sending their email to others and each other. Both clients only access their email through their CenturyLink home page using Google Chrome. The error message they receive is: “From PostMaster at CenturyLink 554 5.7.1 {P2] Your email was rejected for policy reasons.”

I used the DNSBL.info website to determine their IP address is blacklisted on the CBC.abuse.at.org list. Windows Defender had been recently run on my client’s computer. I ran Norton Eraser, Malwarebytes, TDSSKiller, and RogueKiller. RogueKiller found 1 Infection involving CCleaner. I removed all instances of the software. I initiated a removal request from this blacklist. They removed the IP address, but put it back on the list a few days later. I verified the Mail app on both user accounts is not being used, and there are no other active mail clients.

Client unplugged his router and pulled in a new IP address. Initial success!! Email worked fine for a week. Now the issue has resurfaced. Client has contacted CenturyLink tech support several times but didn’t get anywhere. I am running out of options for this client other than a nuke and pave. There are no other issues with the computer. I hate to wipe a computer, especially when the root cause is not known. I would appreciate any advice you guys may have. I have set up a follow up appointment for Monday, December 7th.
 
Client unplugged his router and pulled in a new IP address. Initial success!! Email worked fine for a week. Now the issue has resurfaced.

That tells me that a nuke and pave is very highly unlikely to solve anything and, thus, I'd drop that from consideration.

If CenturyLink is responsible for IP address assignment (and it has to be) then this is a problem that they're going to have to solve. That or drop them in favor of another ISP if that option exists.
 
Router? Is this an ISP provided combo modem/router? Or ISP provided modem and different router? Or both customer provided? One thing I always do is change the default login for all that stuff on the edge like modem and router. Does the router have logs to look at?
 
Router? Is this an ISP provided combo modem/router? Or ISP provided modem and different router? Or both customer provided? One thing I always do is change the default login for all that stuff on the edge like modem and router. Does the router have logs to look at?
It's a CenturyLink combo modem/router. I'm sure there are logs to look at, but I didn't think to do so. I'll make sure and do that when I meet with the client next Monday. I agree with changing the default login information, but the client doesn't want to change anything. They are a new client in their 80s. They live in the middle of nowhere. I know the router could still get hacked, but I think the likelihood is slim. What would you recommend I be looking for specifically in the router log? Thanks for the feedback; I really appreciate it.
 
That tells me that a nuke and pave is very highly unlikely to solve anything and, thus, I'd drop that from consideration.

If CenturyLink is responsible for IP address assignment (and it has to be) then this is a problem that they're going to have to solve. That or drop them in favor of another ISP if that option exists.
That's where I'm at. I mentioned the nuke and pave to the client, but told them I wasn't sure it would resolve the real issue. I told them that CenturyLink is best equipped to work through this issue, however the client has had several bad experiences with them, and doesn't want to use them. I've told them I could be the facilitator in a three-way call, but he is resistant to the idea. I told him going to my peers for a fresh perspective is the last thing I can do on his behalf, other than dealing with CenturyLink.
 
That's where I'm at. I mentioned the nuke and pave to the client, but told them I wasn't sure it would resolve the real issue. I told them that CenturyLink is best equipped to work through this issue, however the client has had several bad experiences with them, and doesn't want to use them. I've told them I could be the facilitator in a three-way call, but he is resistant to the idea. I told him going to my peers for a fresh perspective is the last thing I can do on his behalf, other than dealing with CenturyLink.
Did I read that correctly? He wants you to fix his problem without actually doing anything? And you want to N&P his computer for no good reason? To me it sounds like the issue is with the ISP.
Both clients only access their email through their CenturyLink home page using Google Chrome
So they're using the ISP webmail and the webmail is not working? Call the ISP and tell them to fix it.
 
So they're using the ISP webmail and the webmail is not working? Call the ISP and tell them to fix it.

My thoughts exactly. And I'm not sorry, but we've all had "bad experiences" with ISPs. You either take the time to fight with 'em (or pay someone to do it), move to another, or stick with the mess.

This client is one where I'd be taking Mr. Sabo's suggested approach. If the client cannot do it themselves, and will not listen to my professional advice, then I need to walk away and they need to find someone who's foolish enough to put up with being directed by someone who already admits they don't know how to fix a given issue.
 
It's a CenturyLink combo modem/router. I'm sure there are logs to look at, but I didn't think to do so. I'll make sure and do that when I meet with the client next Monday. I agree with changing the default login information, but the client doesn't want to change anything. They are a new client in their 80s. They live in the middle of nowhere. I know the router could still get hacked, but I think the likelihood is slim. What would you recommend I be looking for specifically in the router log? Thanks for the feedback; I really appreciate it.
As far as looking at logs. It depends on what kind of granularity there is. And with ISP provided equipment it's usually pretty low quality. I'd be looking at where connections are coming from.

Resetting the password on the modem? Tell them it's like someone has the keys to their home. If they don't change the lock it's their problem. And you don't want to use their computer to change the ISP modem password, use yours. Some network compromises do happen from a LAN computer which may have a keylogger installed.

What do they have onsite? Anything that's a computer can have Wireshark installed. Doing a packet capture will provide a lot of information.

The DNSRBL. How many sites were actually reporting that IP was bad? If it's only one there's probably something else going on.

You said they can only access email via web. Does that mean they can send and receive via webmail but not a client like Outlook?
 
As far as looking at logs. It depends on what kind of granularity there is. And with ISP provided equipment it's usually pretty low quality. I'd be looking at where connections are coming from.

Resetting the password on the modem? Tell them it's like someone has the keys to their home. If they don't change the lock it's their problem. And you don't want to use their computer to change the ISP modem password, use yours. Some network compromises do happen from a LAN computer which may have a keylogger installed.

What do they have onsite? Anything that's a computer can have Wireshark installed. Doing a packet capture will provide a lot of information.

The DNSRBL. How many sites were actually reporting that IP was bad? If it's only one there's probably something else going on.

You said they can only access email via web. Does that mean they can send and receive via webmail but not a client like Outlook?
The client only has one Windows 10 desktop computer. They each have a mobile phone for emergencies (I'm not even sure they have them connected to the wireless network). I'm told the wife has a tablet (which would need to be connected to their wireless network).

This is a new client, and I believe the main reason they don't want me changing things is because they are not sure if they plan to keep using me. There have been two companies prior to me, and I don't know why they switched. I will be using your logical argument with clients in the future though.

The DNSBL website only reported one blacklist out of 45 total.

They can send and receive "some" email. They can't even send each other an email (using the same PC) without the CenturyLink PostMaster rejecting it with the error I shared initially. My clients can receive and send email with certain individuals, but not with others. I'm assuming the folks being affected use an ISP that uses the blacklist my client's IP address is on. Outlook is not installed on their computer, and neither uses the Mail app, which makes this situation all the more frustrating.
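
Added example (not part of any post in this thread): a small Python check that answers the "how many lists report this IP" question directly, so it can be re-run each time the modem pulls a new address. It uses the standard DNSBL lookup convention (reversed address labels under the list's zone, a 127.0.0.0/8 answer meaning "listed"); the zone names, the sample IP and the canned DNS answers are constructed placeholders, not real blocklists.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: reversed address labels + list zone."""
    rev = ipaddress.ip_address(ip).reverse_pointer
    # reverse_pointer ends in .in-addr.arpa or .ip6.arpa; keep only the labels.
    return f"{rev.rsplit('.', 2)[0]}.{zone}"

def system_resolver(name):
    """A records for name via the OS resolver; [] on NXDOMAIN or lookup failure."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def check_listings(ip, zones, resolve=system_resolver):
    """Return {zone: [return codes]} for every zone that lists ip."""
    hits = {}
    for zone in zones:
        answers = resolve(dnsbl_query_name(ip, zone))
        # Only 127.0.0.0/8 answers mean "listed"; any other address is a
        # wildcarded or parked zone answering everything, so ignore it.
        codes = [a for a in answers if ipaddress.ip_address(a) in LOOPBACK]
        if codes:
            hits[zone] = codes
    return hits

# Constructed sample data so the example runs offline.
SAMPLE_IP = "192.0.2.10"  # documentation-range address, placeholder for the WAN IP
SAMPLE_ZONES = ["bl-a.example", "bl-b.example", "bl-c.example"]
SAMPLE_DNS = {
    "10.2.0.192.bl-b.example": ["127.0.0.2"],    # a genuine listing
    "10.2.0.192.bl-c.example": ["203.0.113.7"],  # wildcard answer, not a listing
}

def sample_resolver(name):
    """Stand-in resolver backed by the constructed answers above."""
    return SAMPLE_DNS.get(name, [])

if __name__ == "__main__":
    hits = check_listings(SAMPLE_IP, SAMPLE_ZONES, sample_resolver)
    print(f"listed on {len(hits)} of {len(SAMPLE_ZONES)} zones: {hits}")
```

To query live lists, pass the zones you care about and leave `resolve` at its default; each list documents what its individual 127.0.0.x return codes mean.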
 
My thoughts exactly. And I'm not sorry, but we've all had "bad experiences" with ISPs. You either take the time to fight with 'em (or pay someone to do it), move to another, or stick with the mess.

This client is one where I'd be taking Mr. Sabo's suggested approach. If the client cannot do it themselves, and will not listen to my professional advice, then I need to walk away and they need to find someone who's foolish enough to put up with being directed by someone who already admits they don't know how to fix a given issue.
Point well taken.
 
Did I read that correctly? He wants you to fix his problem without actually doing anything? And you want to N&P his computer for no good reason? To me it sounds like the issue is with the ISP.

So they're using the ISP webmail and the webmail is not working? Call the ISP and tell them to fix it.
Thank you for your feedback. To clarify, I did not want to N&P his computer. I mentioned it as a potential but unlikely solution. I now see that was a mistake on my part. I pride myself in only doing a N&P when no other alternative is available. In this scenario, I shouldn't have mentioned it because without a root cause, a N&P shouldn't have been a consideration.
 