[Dshield] Firewall spam reduction link?
Robert M Farrell
RMF at VH-USU.Com
Wed May 25 22:20:12 GMT 2005
It's possibly more benign than you think. The new S/W may be using
'greylisting' as my ASP does. It essentially tries to exercise a
feature of SMTP from the source that an SMTP-compliant MTA supports
but SPAM engines typically do not; rejecting mail from sources that
do not support it.
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Kenneth Coney
Sent: Thursday, May 26, 2005 00:59
To: list at lists.dshield.org
Subject: [Dshield] Firewall spam reduction link?
For a year or so I have had a well known firewall/AV program from a well
known US company on this machine. I have been getting about 340 spam
emails a day. A view of the IPs shows they come from all over the world, and
they are also in lots of different languages. I never suspected any
connection. The embedded spam filter does a fine job of flagging spam
and putting it in the trash box. One of the annoying things about this
software package is every so often some module or another goes bad
here. I will suddenly discover I am unable to enter the advanced screen
to tweak a firewall rule (JavaScript error), or most recently a
download will just refuse to install even when I refreshed the live
update and followed all the delete-in-documents advice on the company's
site. I usually wind up uninstalling and reinstalling to fix the
problem. I think it has been about four or five times in two years I
have had to do so. Of course after each reinstall then it is necessary
to go online with the dial up and download 16 to 30 megs of update
files. A very slow process w/o broadband. This is a one man shop and
no money is being earned when I sit in front of the computer waiting for
download prompts. I have also been annoyed for a long time by the
software firewall/AV package's insistence on automatically downloading
url updates and spam updates even though parental controls are off.
Anyway this week the program displayed indications of yet another
internal malfunction. I refused to kill a day reinstalling and updating it.
Instead this weekend I downloaded a free firewall from a competing
foreign company and then deleted the existent firewall package. Okay, I
killed most of a day on that install, doing the updates and setting up
the rules configuration. I figured, why not? Either way I would lose a
day. Incidentally the updates were much smaller as there is no parental
censorship of urls embedded in the free program and no spam controls
either. Setting up or installing a filter is up to the user.
It has been four days now. No major problems noted, but that is not the
point of this writing.
What is really amazing to me is, this morning (and yesterday, and the
day before and the day before that) when I log on instead of seeing the
usual 200+ spam emails in my trash box, I am seeing about 40. Instead
of having 120 or so pop up during the day, I get maybe 10. Something
major has changed. Two choices. 1) This weekend there was a major
crackdown worldwide on Spam boxes which no one has heard about. 2)
Something about the former firewall program attracted spam. My machine
is masked with both programs according to Gibson's Shields Up (I know,
but hey, it is fast, and it is free). My experience leads me to suspect
a certain well known US software manufacturer has a major security issue
of their own. Probably in their auto update server. Something along
the lines of, what is the current email address of your customer, thank
you, now sending. Comments?
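
The greylisting mentioned in the reply at the top of this message, sketched as an added example (not code from either poster or from any product discussed here). It assumes the usual form of the technique: a first delivery attempt from an unknown (client network, sender, recipient) triplet gets a temporary 450 rejection, and only a retry after a minimum delay is accepted. The class name, delay values and sample attempts are constructed for illustration.

```python
import ipaddress

MIN_DELAY = 300        # assumed: seconds a new triplet must wait before a retry counts
MAX_AGE = 36 * 3600    # assumed: a pending triplet older than this starts over

class Greylist:
    def __init__(self):
        self.first_seen = {}   # pending triplet -> time of first attempt
        self.passed = set()    # triplets that retried correctly

    @staticmethod
    def _key(client_ip, mail_from, rcpt_to):
        # Key on the /24 (IPv4) or /64 (IPv6) so a retry from a neighbouring
        # host in the same outbound pool still matches the first attempt.
        ip = ipaddress.ip_address(client_ip)
        prefix = 24 if ip.version == 4 else 64
        net = ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False)
        return (str(net), mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the (SMTP code, text) to give at RCPT TO time."""
        key = self._key(client_ip, mail_from, rcpt_to)
        if key in self.passed:
            return 250, "OK"
        first = self.first_seen.get(key)
        if first is None or now - first > MAX_AGE:
            self.first_seen[key] = now          # unknown or stale: start the clock
            return 450, "4.7.1 Greylisted, try again later"
        if now - first < MIN_DELAY:
            return 450, "4.7.1 Greylisted, retried too soon"
        self.passed.add(key)                    # retried after the delay: accept
        return 250, "OK"

# Constructed attempts: (client IP, MAIL FROM, RCPT TO, seconds since start)
SAMPLE = [
    ("192.0.2.10", "alice@example.org", "ken@example.net", 0),     # real MTA, first try
    ("203.0.113.5", "x1@example.com", "ken@example.net", 10),      # sender that never retries
    ("192.0.2.10", "alice@example.org", "ken@example.net", 60),    # retry, too early
    ("192.0.2.11", "alice@example.org", "ken@example.net", 900),   # retry from same /24
    ("192.0.2.10", "alice@example.org", "ken@example.net", 5000),  # later mail, known triplet
]

def replay(attempts):
    gl = Greylist()
    return [gl.check(*a)[0] for a in attempts]

if __name__ == "__main__":
    for attempt, code in zip(SAMPLE, replay(SAMPLE)):
        print(code, *attempt)
```

A sender that queues and retries loses only the initial delay; one that makes a single attempt per message never gets past the 450.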