On Mon, 1 Sep 2003, Lee Einer wrote:
> The e-mail address for my commercial domain is getting hammered with
> viruses, big time. I am getting probably 30 or more infected e-mails per
> day, and I am also receiving "message returned" e-mails with my e-mail
> address spoofed as the sender of the virus. The novelty has paled,
> believe me.

At least your mail server is not getting tens of thousands to handle.

> How can I track down the actual sender of the infected e-mails? I would
> really like to get hold of them, and tell them to take care of their
> infected hard drives.

Some of the bounces I receive (because of spoofed "From:") include headers
from the original email. We can assume that the mail server added at least
one legitimate "Received:" header that could be used to track down the
mail server that sent the virus.

Use that IP (in that "Received:" header) and do a whois lookup to find
the owner of it.

Jeremy C. Reed
http://bsd.reedmedia.net/
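
The header check described in the reply above, as an added example that is not part of the original message: it reads the "Received:" lines newest hop first, skips handoffs inside the receiving site, and returns the first external IP, so older lines that the sender could have forged are never consulted. The sample headers, hostnames and addresses are constructed (documentation and private ranges), and treating RFC 1918 and loopback addresses as "internal" is an assumption about the receiving site.

```python
import email
import ipaddress
import re

# Assumption: RFC 1918 and loopback ranges are hops inside the receiving site.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample: headers of the original message as quoted in a bounce.
# Newest hop is on top; the oldest line is the kind a sender can make up.
RETURNED_HEADERS = """\
Received: from scan.mx.example.net (scan.mx.example.net [10.0.0.5])
\tby mail.example.net with ESMTP id CONSTRUCTED2; Mon, 1 Sep 2003 10:15:04 -0600
Received: from infected-pc (dsl-45.isp.example [203.0.113.45])
\tby scan.mx.example.net with SMTP id CONSTRUCTED1; Mon, 1 Sep 2003 10:15:02 -0600
Received: from mail.yourdomain.example ([198.51.100.7])
\tby infected-pc with SMTP; Mon, 1 Sep 2003 09:00:00 -0600
From: you@yourdomain.example
Subject: Re: Details

"""

def handoff_ip(header_text):
    """Return the first external IP in the Received: chain, newest hop first."""
    msg = email.message_from_string(header_text)
    for hop in msg.get_all("Received", []):
        hop = " ".join(hop.split())             # unfold continuation lines
        from_clause = hop.split(" by ", 1)[0]   # ignore IDs and dates after "by"
        match = BRACKETED_IP.search(from_clause)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:                      # e.g. [999.1.1.1]
            continue
        if not any(ip in net for net in INTERNAL):
            return str(ip)                      # the address to give to whois
    return None

if __name__ == "__main__":
    print(handoff_ip(RETURNED_HEADERS))
```

The returned address is the one to pass to a whois lookup to find the network owner.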