I suspect that somehow the addresses on my mail server have been compromised. I have been getting a flood of worm-laden messages, many of them showing "FROM:" addresses on our mail server. I wouldn't think much of it normally; I'm well aware of the various worms that will hijack the address book on an infected computer and use those to forge the "FROM:" header. But today I saw one from a brand new e-mail address that has not been used yet (at least not to my knowledge).
If I wanted to scour my mail logs for "harvesting" attempts, what key words should I use in the filters? Any other suggestions?

TIA,

Doug Starkey
Network Administrator
Pecan Deluxe Candy Company
2570 Lone Star Drive
Dallas, TX 75212-6308
e-mail: [EMAIL PROTECTED]
voice: 214-631-3669 Ext. 108
fax: 214-631-5833
