Title: Infected NDRs ?
Hadn't thought of that. Thanks. Oddly, the influx of messages slowed to every three minutes, then 9 minutes, and then stopped after 24 hours. Perhaps whatever was sending the outgoing messages that resulted in the NDRs slowed down and then stopped.


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
Sent: Wednesday, January 05, 2005 5:35 PM
To: [email protected]
Subject: RE: [Declude.Virus] Infected NDRs ?

Add the IP to the Imail SMTP control access list.

 

John Tolmachoff

Engineer/Consultant/Owner

eServices For You

 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Agid, Corby
Sent: Wednesday, January 05, 2005 4:57 PM
To: [email protected]
Subject: [Declude.Virus] Infected NDRs ?

 

Today I started receiving a flood of NDRs with viruses attached.  The NDRs all come from the same IP and are coming every two minutes.   The NDRs seem to be a result of someone flooding a remote system and using our domain as a spoofed return address.

I don't see any method of blacklisting the IP within the Antivirus product.  I tried blacklisting the IP address within the Junkmail program, but this doesn't seem to work.  It appears that Junkmail and Antivirus process incoming mail independently (is this correct?)

I have Declude Antivirus configured to delete messages with viruses and send a notification to an alert mailbox. Normally, this isn't a problem as we generally have a low volume of incoming viruses. However, these NDRs are causing a lot of virus notifications to be generated.

Is there anything else I can do, short of blocking that IP at the firewall? Am I missing something?

BTW, the IP address is: 206.71.63.40
The apparent sender is: [EMAIL PROTECTED]
and the virus name reported by f-prot is HTML/[EMAIL PROTECTED]

Thanks for any help.
