Title: Infected NDRs ?

Today I started receiving a flood of NDRs with viruses attached.  The NDRs all come from the same IP and are coming every two minutes.   The NDRs seem to be a result of someone flooding a remote system and using our domain as a spoofed return address.

I don't see any method of blacklisting the IP within the Antivirus product.  I tried blacklisting the IP address within the Junkmail program, but this doesn't seem to work.  It appears that Junkmail and Antivirus process incoming mail independently (is this correct?)

I have declude antivirus configured to delete messages with viruses and send a notification to an alert mailbox.  Normally, this isn't a problem as we generally have a low volume of incoming viruses.  Howerver, these NDRs are causing alot of virus notifications to be generated.

Is there anything else I can do, short of blocking that IP at the firewall.  Am I missing something?

BTW, the IP address is: 206.71.63.40
The apparent sender is: [EMAIL PROTECTED]
and the virus name reported by f-prot is HTML/[EMAIL PROTECTED]

Thanks for any help.

Reply via email to