What I'm currently doing is taking the session IP address (the actual IP where the mail was received), then doing an RDNS on it, then attempting an MX lookup on the RDNS. If I don't find one, I trim the first token off and check again, repeating until I have only one token left, or I find an MX. Then I send a notice to abuse@ for what I have left of the RDNS. Example (this IP address has not send me any viruses - it's strictly an example): Connecting IP: 216.26.97.108 RDNS: 108.ppp.tor3.enoreo.on.ca MX for 108.ppp.tor3.enoreo.on.ca - none MX for ppp.tor3.enoreo.on.ca - none MX for tor3.enoreo.on.ca - none MX for enoreo.on.ca - mailgate.enoreo.on.ca
Report mailed to [EMAIL PROTECTED] At 14:24 1/27/2004, Scott wrote: >Hi all, > > Just a thought... With the latest virus and how far its spreading >and the amount of email being generated. If you wish to help reduce >this internet clogging, set your xmailserver virus scanner not to send a >report to the sender of the email. I say the sender because the last >few new viruses have had embedded SMTP and didn't actually come form the >sender. > >Any other thoughts on how to deal with this would be appreiciated. > >Scott > >- >To unsubscribe from this list: send the line "unsubscribe xmail" in >the body of a message to [EMAIL PROTECTED] >For general help: send the line "help" in the body of a message to >[EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
