Yes you can, at least up to a limit.

I usually go to http://www.arin.net/whois/ first, although you might skip
this step since you already probably know they are in Asia. You could skip
straight to http://www.apnic.net/ and go into their Whois feature to look up
the owner of the IP address 203.199.81.81. That will tell you that the
message is definitely coming from vsnl.net.

Beyond that, you will have to contact vsnl's admins and ask them which user
has that IP address.

-- 
be - MOS



Academy:  A modern school where football is taught.


> -----Original Message-----
> From: RBHATIA [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 09, 2002 1:28 PM
> To: Exchange Discussions
> Subject: RE: Message filtering
> 
> 
> 
> I do have anti-virus software and it is trapping and quarantining the
> messages. But that doesn't stop the spoofed email from coming in.
> I would like to find out the source of the infection - who is the user who
> has been infected. Can I tell from the message header attached below?
> 
> 
> -----Original Message-----
> From: Chris Scharff [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 09, 2002 1:25 PM
> To: Exchange Discussions
> Subject: RE: Message filtering
> 
> 
> First I'd change my DL SMTP addresses to something non-obvious. Then I'd
> implement an antivirus solution which could be configured to drop worms.
> 
> > -----Original Message-----
> > From: RBHATIA [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, July 09, 2002 11:28 AM
> > To: Exchange Discussions
> > Subject: Message filtering
> > 
> > 
> > We're being hit big time by the KLEZ virus. Here is one of the messages
> > that was sent. I've checked everyone's machines and everyone seems clear.
> > So I'm guessing it's someone who works closely with our company as we have
> > emails floating back and forth between staff who claim they never sent
> > each other email.
> > What if I set up the message filtering option on the Internet Mail
> > Connector to block the domain smtp02.vsnl.net and smtp03.vsnl.net since
> > those seem to be the 2 main sources from where the emails are originating.
> > Also, how do I insert the entry? Do I enter it as @smtp02.vsnl.net?
> > 
> > ------------------------------------------------------------
> > Received: from smtp02.vsnl.net ([203.197.12.8]) by myserver.mycompany.com
> > with SMTP (Microsoft Exchange ................)
> > id 31VYJYRC; Mon, 8 Jul 2002 04:14:50 -0400
> > Received: from Qrvlyi ([203.199.81.81]) by smtp02.vsnl.net
> > (Netscape Messaging Server 4.15) with SMTP id GYX8GJ00.Z9D for
> > <[EMAIL PROTECTED]>; Mon, 8 Jul 2002 13:49:31 +0530
> > From: staff [EMAIL PROTECTED]
> > To: [EMAIL PROTECTED]
> > Subject: .....................
> 
> 
> _________________________________________________________________
> List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> Archives:               http://www.swynk.com/sitesearch/search.asp
> To unsubscribe:         mailto:[EMAIL PROTECTED]
> Exchange List admin:    [EMAIL PROTECTED]
> 
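The header-reading step discussed in this thread, as an added example that is not part of the original messages: it walks the Received chain from the top and returns the deepest IP that the chain supports, which is the address to look up in Whois. The function names, the example.com addresses and the name-matching heuristic are assumptions made for illustration.

```python
import email
import ipaddress
import re

# Constructed sample: the two Received lines quoted in the thread, with the
# redacted addresses replaced by example.com placeholders.
SAMPLE = """\
Received: from smtp02.vsnl.net ([203.197.12.8]) by myserver.mycompany.com
 with SMTP id 31VYJYRC; Mon, 8 Jul 2002 04:14:50 -0400
Received: from Qrvlyi ([203.199.81.81]) by smtp02.vsnl.net
 (Netscape Messaging Server 4.15) with SMTP id GYX8GJ00.Z9D for
 <user@example.com>; Mon, 8 Jul 2002 13:49:31 +0530
From: staff <staff@example.com>
To: user@example.com
Subject: constructed sample

"""

# "from <name the client announced> ([<IP the server saw>]) by <recording server>"
HOP = re.compile(r"from\s+(\S+)\s+\([^()\[\]]*\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def received_hops(raw):
    """Parse Received headers, newest (top) first, into hop dicts."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue  # format we do not recognise: skip rather than guess
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue
        hops.append({"helo": m.group(1), "ip": str(ip), "by": m.group(3).lower()})
    return hops

def origin_candidate(raw, our_host):
    """Walk down from the hop our own server recorded; stop where the chain breaks.

    Only the top hop is first-hand evidence. A lower hop is kept only while its
    "by" name matches the name the hop above connected as (a heuristic); lines
    below a break could have been written by the sender and are ignored.
    """
    hops = received_hops(raw)
    if not hops or hops[0]["by"] != our_host.lower():
        return None  # our server did not record this message
    candidate = hops[0]
    for hop in hops[1:]:
        if hop["by"] != candidate["helo"].lower():
            break
        candidate = hop
    return candidate["ip"]
```

The announced name in a hop (here `Qrvlyi`) is chosen by the connecting client, so only the bracketed IP is used, and any hop below the top one is only as reliable as the relay that wrote it.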