Today I started receiving a flood of NDRs with viruses attached. The NDRs all come from the same IP and are coming every two minutes. The NDRs seem to be a result of someone flooding a remote system and using our domain as a spoofed return address.
I don't see any method of blacklisting the IP within the Antivirus product. I tried blacklisting the IP address within the Junkmail program, but this doesn't seem to work. It appears that Junkmail and Antivirus process incoming mail independently (is this correct?).
I have Declude Antivirus configured to delete messages with viruses and send a notification to an alert mailbox. Normally, this isn't a problem as we generally have a low volume of incoming viruses. However, these NDRs are causing a lot of virus notifications to be generated.
Is there anything else I can do, short of blocking that IP at the firewall? Am I missing something?
BTW, the IP address is: 206.71.63.40
The apparent sender is: [EMAIL PROTECTED]
and the virus name reported by f-prot is HTML/[EMAIL PROTECTED]
Thanks for any help.
