On Mon, 1 Sep 2003, Lee Einer wrote:

> The e-mail address for my commercial domain is getting hammered with
> viruses, big time. I am getting probably 30 or more infected e-mails per
> day, and I am also receiving "message returned" e-mails with my e-mail
> address spoofed as the sender of the virus. The novelty has paled,
> believe me.

At least your mail server is not getting tens of thousands to handle.

> How can I track down the actual sender of the infected e-mails? I would
> really like to get hold of them, and tell them to take care of their
> infected hard drives.

Some of the bounces I receive (because of spoofed "From:") include headers
from the original email. We can assume that the mail server added at least
one legitimate "Received:" header that could be used to track down the
mail server that sent the virus.

Use that IP (in that "Received:" header) and do a whois look up to find
the owner of it.

  Jeremy C. Reed
  http://bsd.reedmedia.net/
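The header check described in the reply above, as an added example that is not part of the original post: it walks the "Received:" headers quoted in a bounce and returns the peer IP recorded by the server that bounced the mail. The sample headers, host names and the `sending_ip` helper are constructed for illustration, and it assumes you know the bouncing server's host name (normally the host that sent you the bounce).

```python
import email
import ipaddress
import re

# Constructed sample: headers of the original message as quoted in a bounce.
# Hosts and addresses are documentation values (RFC 5737 / example.*).
BOUNCED_HEADERS = """\
Received: from pc-17 (unknown [203.0.113.45])
\tby mx.example.net (Postfix) with ESMTP id 4F2A11C0
\tfor <victim@example.net>; Mon, 1 Sep 2003 10:02:11 -0600
Received: from mail.example.org ([198.51.100.7])
\tby relay.invalid with SMTP; Mon, 1 Sep 2003 09:58:00 -0600
From: spoofed@example.com
To: victim@example.net
Subject: Re: Details

"""

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def sending_ip(headers_text, bouncing_host):
    """Return the peer IP recorded by bouncing_host, or None.

    Received headers are prepended, so the first one stamped "by" the
    server that bounced the mail was written by that server itself.
    Anything below it was supplied by the sender and may be forged.
    """
    msg = email.message_from_string(headers_text)
    for received in msg.get_all("Received", []):
        unfolded = " ".join(received.split())  # undo header folding
        by = BY_RE.search(unfolded)
        if not by or by.group(1).lower().rstrip(".") != bouncing_host.lower():
            continue  # not stamped by the server we trust
        # Only the from-clause (text before "by") names the connecting peer.
        for candidate in IP_RE.findall(unfolded[:by.start()]):
            try:
                return str(ipaddress.ip_address(candidate))
            except ValueError:
                continue  # bracketed text that is not an IP literal
        return None
    return None

if __name__ == "__main__":
    ip = sending_ip(BOUNCED_HEADERS, "mx.example.net")
    print("look up with: whois", ip)
```

The bracketed address is the one the receiving server saw on the TCP connection; the name before it is whatever the client claimed and should not be used for the whois query.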