[Gllug] Help With Virus

Chris Bell chrisbell at overview.demon.co.uk
Fri Nov 5 12:12:47 UTC 2004


On Fri 05 Nov, wendy carr wrote:
> 
> Hi All,
> I would be grateful if you can help me to solve this.
> I am running a small network with a Linux server. The Linux
> server is used to pop emails from demon.net using
> fetchmail, and they are distributed by sendmail to the local
> users (Windows clients). All outgoing mail is relayed
> through relay.plus.net.
> The problem is that I am getting loads of junk emails,
> and worse, all my contacts get junk emails with
> our address as the sender. What's more, the W32Beagle virus
> seems to be in them.
> I have set up sendmail relaying only for the local
> domain. I check my /var/log/maillog but can't find any
> mail sent out of the local domain.
> I guess W32Beagle is spread only on Windows and
> someone else is sending the mail bombs. Is there any way
> I can find out whether these are generated from inside?
> I appreciate any suggestions.
> 
> cheers
> 
> wendy

   Has anyone checked the full headers and seen that the virus emails are
really coming from your Demon static IP address? Any incoming mail received
via the Demon network with a destination address similar to
"name.demon.co.uk" has the sender IP address verified by Demon, followed by
any (possibly forged) "helo" information. Anything below that could also be
forged.
   If someone is forging your email address you should report that to

abuse at demon.net

and send contents of bounced junk mail with forged addr = our addr for
police check to

pew at cix.co.uk

-- 
Chris Bell

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
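
The header check described in the reply above, as an added example that is not part of the original post: it reads the Received headers of a junk mail, takes the connecting IP logged by the relay you trust, and compares it with your own static IP. The Exim-like header layout, the relay name `trusted-mx.isp.example` and all addresses are assumptions constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample: a junk mail as seen by a recipient. All hosts and
# addresses are placeholders (RFC 5737 ranges), not values from the thread.
SAMPLE = (
    "Received: from localhost by mailhost.lan.example with POP3 (fetchmail);\n"
    "\tFri, 05 Nov 2004 11:00:05 +0000\n"
    "Received: from [203.0.113.45] (helo=office.example.co.uk)\n"
    "\tby trusted-mx.isp.example with smtp; Fri, 05 Nov 2004 11:00:00 +0000\n"
    "Received: from office.example.co.uk ([192.0.2.10])\n"
    "\tby relay.forged.example with SMTP; Fri, 05 Nov 2004 10:59:00 +0000\n"
    "From: wendy@office.example.co.uk\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def received_hops(raw):
    """Return Received headers newest-first as dicts with ip, helo, by."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())          # unfold continuation lines
        m = re.match(r"from (.*?)\sby (\S+)", flat)
        if not m:
            continue
        sender, by = m.groups()
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", sender)
        helo = re.search(r"helo=([^\s)]+)", sender)
        hops.append({"ip": ip.group(1) if ip else None,
                     "helo": helo.group(1) if helo else sender.split()[0],
                     "by": by})
    return hops

def check_origin(raw, trusted_by, my_ip):
    """Compare the IP logged by the trusted relay with our own static IP."""
    hops = received_hops(raw)
    for i, hop in enumerate(hops):
        if hop["by"] == trusted_by:   # topmost match; lower ones may be forged
            mine = hop["ip"] is not None and (
                ipaddress.ip_address(hop["ip"]) == ipaddress.ip_address(my_ip))
            return {"connecting_ip": hop["ip"], "helo_claim": hop["helo"],
                    "from_my_ip": mine, "unverified_below": len(hops) - i - 1}
    return None  # the trusted relay never handled this message
```

In the sample, the "helo" name and the lowest Received line both claim the office host, but the IP logged by the trusted relay is a different address, so the message did not come from the office's static IP.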