spam alert

2005-04-13 Thread Robert
Got a message from my ISP saying that my email address was sending out spam, 
possibly from a trojan on my pc that was allowing a remote program to access my 
SMTP server and send email without my knowledge. I was shocked since I'm 
running ZoneAlarm and don't remember getting any alerts about a program 
accessing my email. I ran Norton's and it didn't find anything. BUT it was 
blocking a heap of outgoing emails with sexually explicit content after I 
disabled ZoneAlarm. So ZoneAlarm must be blocking them when it is on, but 
periodically I turn it off because some web pages don't load correctly when I 
use ZoneAlarm. Well I disabled ZoneAlarm tonight and right away I got popups 
from Norton's alerting me that there were sexually explicit emails trying to be 
sent using my mail account, at a rate of about 20 per minute! I turned 
ZoneAlarm back on and immediately it told me that IP address 204.152.184.73 was 
trying to send emails and make a connection with my mail server, which of 
course I blocked. 204.152.184.73 resolves to freebsd.isc.org. What gives?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: spam alert

2005-04-13 Thread Tim Stephens
On Wed, Apr 13, 2005 at 03:29:03AM -0400, Robert wrote:
> my email address was sending out spam,
> [snip]
> IP address 204.152.184.73 was trying to send emails and make a connection with
> my mail server, which of course I blocked. 204.152.184.73 resolves to
> freebsd.isc.org. what gives?

freebsd.isc.org is not anything to do with freebsd as such. The first part of 
that output is the hostname, and refers to the name that isc.org gave to one of 
their computers. Perhaps you should get in contact with them directly.
From whois: 

Domain Name:ISC.ORG
Last Updated On:06-Apr-2005 01:33:20 UTC
Expiration Date:05-Apr-2006 04:00:00 UTC
Sponsoring Registrar:Alice's Registry, Inc. (R16-LROR)
Registrant ID:ALICE-ISC1-CT
Registrant Name:Internet Systems Consortium, Inc.
Registrant Street1:950 Charter Street
Registrant City:Redwood City
Registrant State/Province:CA
Registrant Postal Code:94063
Registrant Country:US
Registrant Phone:+1.6507797000
Registrant FAX:+1.6507797055
Registrant Email:[EMAIL PROTECTED]
Admin Name:Internet Systems Consortium, Inc.
Admin Street1:950 Charter Street
Admin City:Redwood City
Admin State/Province:CA
Admin Postal Code:94063
Admin Phone:+1.6507797000
Admin Email:[EMAIL PROTECTED]



Otherwise, block the port, and look into the configuration of your mailserver 
to check that it is not relaying mail for other servers that you don't trust. 
Without knowing anything about your mailserver, I'm unable to help further.

Cheers,
Tim


Re: spam alert

2005-04-13 Thread Gerard Seibert
On Wed, 13 Apr 2005 03:29:03 -0400 Robert [EMAIL PROTECTED] wrote:

||got a message from my ISP saying that my email address was sending out
||spam, possibly from a trojan on my pc that was allowing a remote program
||to access my SMTP server and send email without my knowledge. I was
||shocked since I'm running ZoneAlarm and don't remember getting any
||alerts about a program accessing my email. I ran Norton's and it didn't
||find anything. BUT it was blocking a heap of outgoing emails with
||sexually explicit content after I disabled ZoneAlarm. So ZoneAlarm
||must be blocking them when it is on, but periodically I turn it off
||because some web pages don't load correctly when I use ZoneAlarm. Well I
||disabled ZoneAlarm tonight and right away I got popups from Nortons
||alerting me that there were sexually explicit emails trying to be sent
||using my mail account, at a rate of about 20 per minute! I turned
||ZoneAlarm back on and immediately it told me that IP address
||204.152.184.73 was trying to send emails and make a connection with my
||mail server, which of course I blocked. 204.152.184.73 resolves to
||freebsd.isc.org. what gives


** Reply Separator **
Wednesday, April 13, 2005 4:39:26 PM

I use Zone Alarm on all of my Windows-based PCs. Assuming that you are
not using the free, i.e., basically useless, version, there is no reason
to have to disable it for any reason. I would seriously suggest that you
look into how you have it configured. Zone Alarm has an excellent forum
where you can post questions. Their online support is not too bad, but
it is not the quickest in the world when it comes to getting a speedy
reply.

As always, YMMV.

--
Gerard Seibert
[EMAIL PROTECTED]


Isn't having a smoking section in a restaurant like having a peeing
section in a swimming pool?


Re: spam alert

2005-04-13 Thread Kevin Kinsey
Robert wrote:
> got a message from my ISP saying that my email address
> was sending out spam, possibly from a trojan on my pc that was
> allowing a remote program to access my SMTP server and send email
> without my knowledge. I was shocked since I'm running ZoneAlarm and
> don't remember getting any alerts about a program accessing my email.
> I ran Norton's and it didn't find anything. BUT it was blocking a
> heap of outgoing emails with sexually explicit content after I
> disabled ZoneAlarm. So ZoneAlarm must be blocking them when it is on,
> but periodically I turn it off because some web pages don't load correctly
> when I use ZoneAlarm. Well I disabled ZoneAlarm tonight and right away I
> got popups from Nortons alerting me that there were sexually explicit
> emails trying to be sent using my mail account, at a rate of about
> 20 per minute! I turned ZoneAlarm back on and immediately it told me
> that IP address 204.152.184.73 was trying to send emails and make a
> connection with my mail server, which of course I blocked. 204.152.184.73
> resolves to freebsd.isc.org. what gives?
 

I would suggest that you take your Windows computer to
the nearest a] repair center or b] deep body of water, place
it inside, and hope for the best whilst being prepared to
pay the piper.

I have found neither Zone Alarm nor Norton software to
be of any use whatsoever for protecting a Windows machine
that is connected to any network, anywhere. Either vigilant
management and constant user re-education, combined with
almost any AV software besides Norton et al, or a *nixlike
firewall with "deny ip from any to winbox" are the only
solutions that seem to work with any degree of guaranteeable
success.

I would certainly agree with the poster who suggested
you contact ISC directly --- possibly something is amiss
there, but there is also no guarantee that the IP address
being fed to ZoneAlarm is spoofed; this is not at all beyond
the means of almost any spammer working today, although
the issue of whether they'd go to the trouble may merit
some debate.

Notwithstanding that, this post is rather OT for this list.

Kevin Kinsey