Just yesterday I've been receiving tons of Declude Virus notices saying that a virus has been found. When I go look at the email, this is what I see:
------------------------------------------------------------------------------------------------------------
Declude Virus v1.82 caught the I-Worm/Sober.P virus in Unknown File
from [EMAIL PROTECTED]
to: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
    [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
    [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
    [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
    [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
    [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
    [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
    [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Date: 03 May 2005 14:41:50
Subject: mailing error
Spool File: Dd3f83fab012ea211.SMD
Remote IP: 209.7.3.197

Headers:
Received: from ivagte.org [209.7.3.197] by mail.fenwickfriars.com
  (SMTPD32-8.15) id A3F83FAB012E; Tue, 03 May 2005 14:41:44 -0500
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Tue, 03 May 2005 19:38:30 UTC
Subject: mailing error
Importance: Normal
X-Priority: 3 (Normal)
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="=====eeb33aad.9bfc596a58"
Content-Transfer-Encoding: 7bit

This is a multi-part message in MIME format.
------------------------------------------------------------------------------------------------------------

What confounds me is this: ivagte.org is NOT 209.7.3.197, since that is my mail server, which is mail.fenwickfriars.com. I go look at my log and this is what I see:

20050503 144144 127.0.0.1 SMTPD (d3f83fab012ea211) [192.168.50.83] connect 209.7.3.197 port 53184
20050503 144144 127.0.0.1 SMTPD (d3f83fab012ea211) [209.7.3.197] Helo ivagte.org
20050503 144144 127.0.0.1 SMTPD (d3f83fab012ea211) [209.7.3.197] MAIL FROM: <[EMAIL PROTECTED]>
20050503 144144 127.0.0.1 SMTPD (d3f83fab012ea211) [209.7.3.197] RCPT TO: <[EMAIL PROTECTED]>
20050503 144144 127.0.0.1 SMTPD (d3f83fab012ea211) [209.7.3.197] RCPT TO: <[EMAIL PROTECTED]>
20050503 144144 127.0.0.1 SMTPD (d3f83fab012ea211) [209.7.3.197] RCPT TO: <[EMAIL PROTECTED]>
20050503 144144 127.0.0.1 SMTPD (d3f83fab012ea211) [209.7.3.197] ERR mail.fenwickfriars.com invalid user <[EMAIL PROTECTED]
20050503 144144 127.0.0.1 SMTPD (d3f83fab012ea211) [209.7.3.197] RCPT TO: <[EMAIL PROTECTED]>
20050503 144144 127.0.0.1 SMTPD (d3f83fab012ea211) [209.7.3.197] ERR mail.fenwickfriars.com invalid user <[EMAIL PROTECTED]
20050503 144145 127.0.0.1 SMTPD (d3f83fab012ea211) [209.7.3.197] RCPT TO: <[EMAIL PROTECTED]>
20050503 144145 127.0.0.1 SMTPD (d3f83fab012ea211) [209.7.3.197] ERR mail.fenwickfriars.com invalid user <[EMAIL PROTECTED]
<<snipped for length>>
20050503 144145 127.0.0.1 SMTPD (d3f83fab012ea211) [209.7.3.197] C:\IMail\spool\Dd3f83fab012ea211.SMD 74523

192.168.50.83 is the IP for mail.fenwickfriars.com on IMail.

I'm no expert on this (obviously) so I don't know what to make of it. Could it be that a computer that has access to our mailserver has a virus and is doing its thing, or ??

Thanks for any help. Sorry for the long post.
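
Added example, not part of the original post: a Python sketch that groups SMTPD log lines in the layout quoted above by session id and reports the connecting address, the HELO name and how many recipients were rejected as invalid. The sample log, the own_ips set and the max_invalid threshold are assumptions made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the log layout quoted in the post (placeholder addresses).
SAMPLE_LOG = """\
20050503 144144 127.0.0.1 SMTPD (aa01) [192.0.2.10] connect 198.51.100.7 port 53184
20050503 144144 127.0.0.1 SMTPD (aa01) [198.51.100.7] Helo unrelated.example
20050503 144144 127.0.0.1 SMTPD (aa01) [198.51.100.7] RCPT TO: <real@example.org>
20050503 144144 127.0.0.1 SMTPD (aa01) [198.51.100.7] RCPT TO: <guess1@example.org>
20050503 144144 127.0.0.1 SMTPD (aa01) [198.51.100.7] ERR mail.example.org invalid user <guess1@example.org>
20050503 144145 127.0.0.1 SMTPD (aa01) [198.51.100.7] RCPT TO: <guess2@example.org>
20050503 144145 127.0.0.1 SMTPD (aa01) [198.51.100.7] ERR mail.example.org invalid user <guess2@example.org>
20050503 150002 127.0.0.1 SMTPD (bb02) [192.0.2.10] connect 203.0.113.25 port 40112
20050503 150002 127.0.0.1 SMTPD (bb02) [203.0.113.25] EHLO mx.partner.example
"""

LINE = re.compile(r"^\d{8} \d{6} \S+ SMTPD \((\w+)\) \[([\d.]+)\] (.*)$")

def summarize(log_text):
    """Group log lines by session id and pull out the fields that matter."""
    sessions = defaultdict(lambda: dict(local=None, peer=None, helo=None, rcpt=0, invalid=0))
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an SMTPD session line (e.g. a "snipped" marker)
        sid, bracket_ip, event = m.groups()
        s = sessions[sid]
        if event.startswith("connect "):
            # As in the quoted log: bracket = listening address, peer follows "connect".
            s["local"], s["peer"] = bracket_ip, event.split()[1]
        elif event[:5].upper() in ("HELO ", "EHLO "):
            s["helo"] = event.split(None, 1)[1]
        elif event.upper().startswith("RCPT TO:"):
            s["rcpt"] += 1
        elif event.startswith("ERR ") and "invalid user" in event:
            s["invalid"] += 1
    return dict(sessions)

def flag(sessions, own_ips, max_invalid=2):
    """Return {session id: [reasons]} for sessions worth a closer look."""
    out = {}
    for sid, s in sessions.items():
        reasons = []
        if s["peer"] in own_ips:
            reasons.append("peer is one of our own addresses")
        if s["invalid"] >= max_invalid:
            reasons.append(f"{s['invalid']} of {s['rcpt']} recipients invalid")
        if reasons:
            out[sid] = reasons
    return out
```

Call flag(summarize(text), own_ips) with own_ips set to every address the mail server itself is reachable on, public and private.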