From: Kevin Kinsey
Date: Wed, 13 Apr 2005 16:09:59 -0500
To: Robert
cc: freebsd-questions@freebsd.org
Subject: Re: spam alert

Robert wrote:

>got a message from my ISP saying that my email address
>was sending out spam, possibly from a trojan on my pc that was
>allowing a remote program to access my SMTP server and send email
>without my knowledge. I was shocked since I'm running ZoneAlarm and
>don't remember getting any alerts about a program accessing my email.
>I ran Norton's and it didn't find anything. BUT it was blocking a
>heap of outgoing emails with "sexually explicit content" after I
>disabled ZoneAlarm. So ZoneAlarm must be blocking them when it is on,
>but periodically I turn it off because some web pages don't load correctly
>when I use ZoneAlarm. Well I disabled ZoneAlarm tonight and right away I
>got popups from Nortons alerting me that there were sexually explicit
>emails trying to be sent using my mail account, at a rate of about
>20 per minute! I turned ZoneAlarm back on and immediately it told me
>that IP address 204.152.184.73 was trying to send emails and make a
>connection with my mail server, which of course I blocked. 204.152.184.73
>resolves to freebsd.isc.org. what gives?
>
>

I would suggest that you take your Windows computer to the nearest
a] repair center or b] deep body of water, place it inside, and hope
for the best whilst being prepared to pay the piper.

I have found neither Zone Alarm nor Norton software to be of any use
whatsoever for protecting a Windows machine that is connected to any
network, anywhere. Either vigilant management and constant user
re-education, combined with almost any AV software besides Norton et al,
or a *nixlike firewall with "deny ip from any to winbox" are the only
solutions that seem to work with any degree of guaranteeable success.

I would certainly agree with the poster who suggested you contact ISC
directly --- possibly something is amiss there, but there is also no
guarantee that the IP address being fed to ZoneAlarm is spoofed; this
is not at all beyond the means of almost any spammer working today,
although the issue of whether they'd go to the trouble may merit some
debate.

Notwithstanding that, this post is rather OT for this list.

Kevin Kinsey