[Dshield] Firewall spam reduction link?

Robert M Farrell RMF at VH-USU.Com
Wed May 25 22:20:12 GMT 2005

It's possibly more benign than you think.  The new S/W may be using
'greylisting' as my ASP does. It essentially tries to exercise a
feature of SMTP from the source that an SMTP compliant MTA supports
but SPAM engines typically do not; rejecting mail from sources that
do not support it.

See: http://forum.powweb.com/showthread.php?t=38210

-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Kenneth Coney
Sent: Thursday, May 26, 2005 00:59
To: list at lists.dshield.org
Subject: [Dshield] Firewall spam reduction link?

For a year or so I have had a well known firewall/AV program from a well 
known US company on this machine.  I have been getting about 340 spam 
emails a day.  View of IPs show they come from all over the world, and 
they are also in lots of different languages.  I never suspected any 
connection.  The embedded spam filter does a fine job of flagging spam
and putting it in the trash box.  One of the annoying things about this 
software package is every so often some module or another goes bad 
here.  I will suddenly discover I am unable to enter the advanced screen 
to tweak a firewall rule (JavaScript error), or most recently a
download will just refuse to install even when I refreshed the live
update and followed all the delete in documents advice on the company's
site.  I usually wind up uninstalling and reinstalling to fix the 
problem.  I think it has been about four or five times in two years I 
have had to do so. Of course after each reinstall then it is necessary 
to go online with the dial up and download 16 to 30 megs of update 
files.  A very slow process w/o broadband.    This is a one man shop and 
no money is being earned when I sit in front of the computer waiting for 
download prompts.  I have also been annoyed for a long time by the 
software firewall/AV package's insistence on automatically downloading 
url updates and spam updates even though parental controls are off.  
Anyway this week the program displayed indications of yet another 
internal malfunction.  I refused to kill a day reinstalling and updating it.

Instead this weekend I downloaded a free firewall from a competing 
foreign company and then deleted the existent firewall package.  Okay, I 
killed most of a day on that install, doing the updates and setting up 
the rules configuration.  I figured, why not?  Either way I would lose a 
day.  Incidentally the updates were much smaller as there is no parental
censorship of urls embedded in the free program and no spam controls 
either.  Setting up or installing a filter is up to the user.

It has been four days now.  No major problems noted, but that is not the 
point of this writing. 

What is really amazing to me is, this morning (and yesterday, and the 
day before and the day before that) when I log on instead of seeing the 
usual 200+ spam emails in my trash box, I am seeing about 40.  Instead 
of having 120 or so pop up during the day, I get maybe 10.  Something
major has changed.  Two choices.  1) This weekend there was a major
crackdown worldwide on Spam boxes which no one has heard about.  2)
Something about the former firewall program attracted spam.  My machine 
is masked with both programs according to Gibson's Shields Up (I know, 
but hey, it is fast, and it is free).  My experience leads me to suspect 
a certain well known US software manufacturer has a major security issue 
of their own.  Probably in their auto update server.  Something along 
the lines of, what is the current email address of your customer, thank 
you, now sending.  Comments?
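
The greylisting behaviour mentioned in the reply at the top of this thread, as an added example that is not part of either message or of any product discussed: a receiving server defers the first delivery attempt for an unknown (client IP, envelope sender, envelope recipient) triplet with a temporary failure and accepts only when the sender retries after a delay. The class name, timing values and addresses are assumptions chosen for illustration.

```python
# Added illustration of greylisting; names and timing values are assumptions.
from dataclasses import dataclass, field

MIN_DELAY = 300             # assumed: retries sooner than 5 minutes stay deferred
RETRY_WINDOW = 4 * 3600     # assumed: the retry must arrive within 4 hours
PASS_LIFETIME = 36 * 86400  # assumed: how long a proven triplet stays trusted
DEFER = "451 try again later"
ACCEPT = "250 OK"

@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: dict = field(default_factory=dict)      # triplet -> time of last accepted mail

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply to RCPT TO for a delivery attempt at time `now`."""
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())

        # Triplet already proved it retries: accept and refresh the entry.
        last_ok = self.passed.get(triplet)
        if last_ok is not None and now - last_ok <= PASS_LIFETIME:
            self.passed[triplet] = now
            return ACCEPT
        self.passed.pop(triplet, None)

        first = self.first_seen.get(triplet)
        if first is None or now - first > RETRY_WINDOW:
            # Unknown sender (or a stale record): start the clock and defer.
            self.first_seen[triplet] = now
            return DEFER
        if now - first < MIN_DELAY:
            # Retried too quickly to look like a normal queue run: keep deferring.
            return DEFER

        # A retry after the minimum delay: the sender keeps a queue, so accept.
        del self.first_seen[triplet]
        self.passed[triplet] = now
        return ACCEPT

def simulate(attempt_times, triplet=("192.0.2.10", "a@example.org", "b@example.net")):
    """Replay constructed delivery attempts (in seconds) and return the reply codes."""
    gl = Greylist()
    return [gl.check(*triplet, now=t)[:3] for t in attempt_times]
```

A sender that never retries only ever sees the 451, while a queueing MTA gets through on its first retry after the minimum delay and is accepted immediately afterwards.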
