Mail Sheild SSL accounts?

In the Web Shield SSL accounts I have a mail account in there that is not in my mail client.
It is broadweavenetworks.net with POP3 on port 110 with TLS Encrpytion and the SMTP on port
465 with SSL encryption. I’m not sure what this is and don’t know if I should delete it. I don’t know if this is
some kind of update link for a program on my system. Has anyone else run into this. Any input would be
appreciated. Thanks!

Are you sure as there are some ISPs that redirect their email to other servers.

OrgName: Broadweave Networks of Utah, LLC
Veracity Communications has merged with Broadweave Networks to form Veracity Networks. Read more. Times are tough, save money without sacrificing service. ...

So do any of those ring any bells ?

Edit: inclusion some interesting email info on that domain, http://www.spamhaus.org/SBL/listings.lasso?isp=broadweavenetworks.net

Well I have 2 ATT Yahoo accounts, 1 regular Yahoo account and 1 myrealbox.com account. So the only one with the possibility would be My Real Box I guess.

Weird as a) it isn’t in your email client account settings, which means it isn’t using your email client.

Because avast is monitoring all email port activity it must be filtering it through the proxy and as such needs to create the entry in the SSL Accounts.

So you really need to know what is sending email through that domain and more importantly what is the content and why is it being sent.

Hey DavidR,

I ran a scan with Malwarebytes and that came up clean. I also ran a Avast scan and that also found nothing.
Any ideas on how to find out who or what is using that domain and what the content is? Port sniffing software?

Thanks,

Norm

I honestly don’t know, your firewall should be blocking any unauthorised outbound connection.
What is your firewall ?

So if you think it might be MyRealBox (never used this and haven’t a clue what it does) related perhaps you can block its outbound connection in the firewall and have it notify you when blocked, that way you should be able to check the firewall logs to see what it was actually trying to connect to.

yes, did also observe such a behavior.
had to search in depth - figured out my broadband provider had a contract with a provider in another country - resulting in: trying 2 download/upload mails used 2 different servers in 2 different countries with 2 different ips. so it can happen, but if it relates 2 ur prob, u have 2 find out 4 urself.
asyn

I’m just using Windows Firewall and am behind a hardware firewall(wireless router).
MyRealBox is a Free email service from Messaging Architects
that they use for testing purposes. You can check it out at www.myrealbox.com

I will see if I can track down any activity using a port scanner.

Will post my findings!

I guess it’s the info which is needed. Asyn seems to be right since googling the combination of “broadweavenetworks.net” and “myrealbox.com” ended up with some results such as this one. So, the entries are most likely to have been created by Avast! for monitoring the traffic of your MyRealBox account.

I think your right Rumpel & Asyn I deleted the broadweavenetwork.net accounts in Avast and then checked my Myrealbox account in Thunderbird and Avast recreated the TLS account. I then sent a email from the Myrealbox account and again Avast recreated the SSL account. It’s odd though because MyRealBox does not require encryption. Currently I have Thunderbird closed and I also closed eprompter(a email checker)and am going to leave them closed overnight just to make sure Myrealbox is the culprit. Will post back with results.

Thanks all! I appreciate the help ;D

PS Tried a Port Scanner and had no luck.

The below is quote from MyRealBox site.

Security of your Information MyRealBox supports TLS (Transport Layer Security) and SSL (Secure Sockets Layer) connections. By entering the URL https://www.myrealbox.com to access your mail via the web client or by indicating in your POP or IMAP client configuration that your mail server supports SSL, your email will be secure as it travels across the Internet.
I guess MyRealBox uses the same port for non-secure and secure connections for received mails. Since Web Shield "support" secure mail connection, your mail is probably secured [i]as it travels across the Internet.[/i]

What do you mean by “luck”? If you are using CurrPorts, after turning off any other application which use the internet, turn on the log by going through File>Log Changes and let Thunderbird check mail on the account and/or send a mail. Then, turn off the log and open it.

The below is an example of Thunderbird+Mail Shield checking a Gmail account.

Added thunderbird.exe TCP 127.0.0.1:1372:1372 127.0.0.1:1373:1373 Added thunderbird.exe TCP 127.0.0.1:1373:1373 127.0.0.1:1372:1372 Added thunderbird.exe TCP 127.0.0.1:1374:1374 127.0.0.1:1375:1375 Added thunderbird.exe TCP 127.0.0.1:1375:1375 127.0.0.1:1374:1374 Added svchost.exe UDP 0.0.0.0:63881:63881 *:* Added svchost.exe UDP 0.0.0.0:57205:57205 *:* Added AvastSvc.exe TCP 127.0.0.1:12143:12143 127.0.0.1:1376:1376 Added thunderbird.exe TCP 127.0.0.1:1376:1376 127.0.0.1:12143:12143 Added AvastSvc.exe TCP XXX.XXX.XXX.XXX:1379:1379 63.245.221.10:80:80 Added AvastSvc.exe TCP 127.0.0.1:12080:12080 127.0.0.1:1380:1380 Added thunderbird.exe TCP 127.0.0.1:1380:1380 127.0.0.1:12080:12080 Added [b]AvastSvc.exe[/b] TCP XXX.XXX.XXX.XXX:1377:1377 74.125.95.16:[b]993[/b]:[b]993[/b] Added AvastSvc.exe TCP XXX.XXX.XXX.XXX:1381:1381 63.245.221.11:80:80 Added thunderbird.exe TCP 127.0.0.1:1378:1378 127.0.0.1:12080:12080 Added AvastSvc.exe TCP 127.0.0.1:12080:12080 127.0.0.1:1378:1378 Removed svchost.exe UDP 0.0.0.0:63881:63881 *:* Removed svchost.exe UDP 0.0.0.0:57205:57205 *:*
XXX.XXX.XXX.XXX is the address of the PC. In the line with the red font, you can see the address of Google at the remote port 993. It shouldn't be such complicated a task. Please look for the lines AvastSvc.exe accessing remote ports such as 110 for receiving emails and 465 for sending them.

After having closed my mail programs overnight Avast had no extra accounts listed in the Mail Shield SSL accounts area.
So I’m convinced that the MyRealBox mail account is why Avast is adding the broadweavenetwork.net to the SSL accounts.
As soon as I checked and sent mail from the MyRealBox account the entries were in Avast again.

Rumpel, thanks for the information. I had tried CurrPorts and was not Familiar with the features of the program because I
just had downloaded it and ran it and it wasn’t showing any information that I thought was relevant to what I needed.

Thanks!!

I see. I thought you might be having a problem with using it but, if your initial problem is solved, we can leave it. :wink: