In the virus report coming to my postmaster account I usually set the mail server it came from and the IP address.
In some cases right now I am getting my own mail server URL listed with a foreign IP address.
That's actually quite normal:
EG: Received: from mail.intown.net [65.29.100.113] by intown.net
When mail.intown.net is 216.16.233.12
That's because IMail adds the name that the remote mailserver claims to be (followed by the accurate IP address in brackets). If the remote mailserver claims to be mail.intown.net, that's what IMail will put there. It's like the return address -- it can be forged fairly easily. I believe there are some viruses that use their own SMTP server that claim to be the same server that they are sending to.
-Scott
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
