Thanks, Jeremy-

That did the trick. The IP lookup gave me the name of both the business and the individual whose PC is infected. Googled the business name and got the phone number. Called and verified that the individual is one of their employees. Explained the problem, and asked that he call me.

Maybe I can sell him on Linux when he calls back ;-)

Lee Einer

Jeremy C. Reed wrote:

>On Mon, 1 Sep 2003, Lee Einer wrote:
>
>>The e-mail address for my commercial domain is getting hammered with
>>viruses, big time. I am getting probably 30 or more infected e-mails per
>>day, and I am also receiving "message returned" e-mails with my e-mail
>>address spoofed as the sender of the virus. The novelty has paled,
>>believe me.
>>
>
>At least your mail server is not getting tens of thousands to handle.
>
>>How can I track down the actual sender of the infected e-mails? I would
>>really like to get hold of them, and tell them to take care of their
>>infected hard drives.
>>
>
>Some of the bounces I receive (because of spoofed "From:") include headers
>from the original email. We can assume that the mail server added at least
>one legitimate "Received:" header that could be used to track down the
>mail server that sent the virus.
>
>Use that IP (in that "Received:" header) and do a whois look up to find
>the owner of it.
>
>  Jeremy C. Reed
>  http://bsd.reedmedia.net/
>
>
>---------------------------------------------------
>PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>To subscribe, unsubscribe, or to change your mail settings:
>http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>

-- 
Lee Einer
Dos Manos Jewelry
http://www.dosmanosjewelry.com
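
The "Received:" header check described in the thread above, as an added example that is not part of the original messages: it reads the original headers quoted in a bounce and returns only the client IP recorded by a mail server you trust, since headers below that one can be forged by the sender. The host names, addresses and sample headers are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample: headers of the original message as quoted in a bounce.
# Host names are hypothetical; IPs are documentation addresses (RFC 5737).
SAMPLE_HEADERS = """\
Received: from pc-17.example.net (unknown [203.0.113.45])
\tby mx.bouncer.example (Postfix) with ESMTP id 4F2A1
\tfor <victim@bouncer.example>; Mon, 1 Sep 2003 10:15:02 -0700
Received: from mail.some-bank.example ([198.51.100.7])
\tby pc-17.example.net with SMTP; Mon, 1 Sep 2003 10:14:58 -0700
From: "Spoofed Sender" <me@mydomain.example>
To: victim@bouncer.example
Subject: Re: Details

"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
NOT_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def received_hops(raw_headers):
    """Return (client_ip, stamping_host) per Received: header, newest first."""
    hops = []
    for value in email.message_from_string(raw_headers).get_all("Received", []):
        text = " ".join(value.split())            # unfold continuation lines
        from_part, _, by_part = text.partition(" by ")
        match = IP_IN_BRACKETS.search(from_part)
        hops.append((match.group(1) if match else None,
                     by_part.split(" ")[0] if by_part else None))
    return hops

def sending_ip(raw_headers, trusted_host):
    """IP of the client that connected to the server we trust, or None."""
    for ip, stamped_by in received_hops(raw_headers):
        if ip is None or stamped_by != trusted_host:
            continue                              # may be forged by the sender
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue                              # e.g. [999.1.1.1]
        if not any(addr in net for net in NOT_PUBLIC):
            return ip                             # candidate for a whois lookup
    return None

if __name__ == "__main__":
    print(sending_ip(SAMPLE_HEADERS, "mx.bouncer.example"))
```

The returned address is the one to pass to a whois lookup; the second header in the sample is ignored because it was stamped by the sending machine itself.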