On Fri, 2004-04-30 at 11:32, Jared Pritchard wrote: > Hi - > Got a little problem. =) > We are getting reports back from other servers on the net saying our message > from something like [EMAIL PROTECTED] was rejected because of an > attached virus.
[..snip..] > Has anyone got ANY idea on what could be happening? Has our linux server got > a virus? (!?!!?!!) Is someone using our machine as an open relay? (I did > take steps to stop that, and abuse.net reports our server as fine) Are our > WinXP machines infected regardless of our anti-virus software? [..snip..] Anyone can forge a From address, so its possible that someone you've contacted by email before has a virus and it's setting the from address as <random chars>@yourdomain.com.au. To the untrained eye they would immediately complain to whatever the domain is shown on the From address ([EMAIL PROTECTED]) but if you look closely at the headers, it would normally indicate which server was used to SPAM through. You should probably also check your mail server thoroughly to ensure it does not relay emails from strangers. You can do this by telnet'ing to "relay-test.mail-abuse.org", make sure you do this from the mail server in question as it will telnet back to you on port 25 and perform a series of tests. HTH. Regards, Gonzalo -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
