Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
660 Views 1 Reply Latest reply: Sep 20, 2013 10:41 AM by Brad McGarr RSS
larwilliams Newcomer 1 posts since
Sep 12, 2013
Currently Being Moderated

Sep 12, 2013 11:42 PM returning "Connection Refused" errors



We have been attempting to work with McAfee on this issue for several days using and, and have made no progress. We get the same generic template saying "Success! This has been resolved." However, this is still unresolved and e-mails from our IP are being rejected due to your system. Below is the Exim log for the most recent test message containing nothing more than Subject: test and "test" in the body:



  cwd=/usr/local/cpanel/whostmgr/docroot 6 args: /usr/sbin/exim -C /etc/exim_outgoing.conf -v -M 1VKK1z-003EIC-HC

delivering 1VKK1z-003EIC-HC

Connecting to []:25 from ... failed: Connection refused

LOG: MAIN [] Connection refused

Connecting to []:25 from ... failed: Connection refused

LOG: MAIN [] Connection refused

Connecting to []:25 from ... failed: Connection refused

LOG: MAIN [] Connection refused

Connecting to []:25 from ... failed: Connection refused

LOG: MAIN [] Connection refused


  == R=dkim_lookuphost T=dkim_remote_smtp defer (111): Connection refused


Below is the exact source e-mail message being sent by Mozilla Thunderbird:


From - Fri Sep 13 00:56:53 2013

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00800000


Message-ID: <>

Date: Fri, 13 Sep 2013 00:56:52 -0230

From: Test <>

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8

MIME-Version: 1.0


Subject: test

Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Content-Transfer-Encoding: 7bit




While this is clearly due to spamming, it was done by the previous owner of this IP address. We only began using this IP on August 15th after purchasing a server    from Limestone Networks ( and there is no    spam coming from it, so I would suspect that the previous user of    the IP address is responsible for the block.


Also, I checked the IP at    and notice that the domain and hostname are incorrect. Our domain is and the server's hostname is I suspect the rating and information showing are for the previous owner who is the cause of this issue.


Please help!!!




  • Brad McGarr McAfee Employee 154 posts since
    Dec 4, 2012
    Currently Being Moderated
    1. Sep 20, 2013 10:41 AM (in response to larwilliams)
    Re: returning "Connection Refused" errors



    I was able to confirm that your IP,, is delisted from our firewall block list and should not be receiving connection refusals. Are you still receiving connection refusals? If so, are there any other IPs which may be sending out mail?

    Brad McGarr
    McAfee SaaS Email & Web Protection
    Technical Support Technician I (Legacy & Partner Support)
    Microsoft Certified Professional
    Microsoft Technology Associate - Windows OS | CompTIA A+ Certified Technician | CIW Web Foundations Associate
    Visit my blog: Brad's Corner - Insights from SaaS Email & Web Security Support

    Frequently Requested Information

More Like This

  • Retrieving data ...

Bookmarked By (0)


  • Correct Answers - 5 points
  • Helpful Answers - 3 points