On Sun, 2002-04-21 at 17:49, Jason Guidry wrote: > > do the headers of the mail you are getting match any of the mail you are > getting? I'm suspicious of a BBS i posted to about sheetmusic available > on my website. I think I'm gonna contact the guy in charge and > compare IPs. I realise that the person sending the email may not be > aware, but I don't know who would have my address from Syracuse. >
Not sure about the BBS being the source of your problems, Jason, but I kinda doubt it. The headers on the infected mail I received didn't match anything else I might be receiving at the time of delivery. After looking at a few of these infected emails, about the only consistency I could find was that the origin was the same ip address, each time with a different name, such as "[EMAIL PROTECTED]" or "[EMAIL PROTECTED]". The other constant was that the address it was sending to (destination address) was usually a bogus address, sometime not even the domain name was real. The bottom line is, I think this is what Pierre is saying. you can identify the originating ip address in the email headers but, in the final analysis, this ip address may be spoofed, meaning that the ip address may or may not be the offending machine. Nope, you do not have to worry: this mail is not being sent by your machine unless you might be using windoze with some version of MS outlook.. As a matter of fact, I have never heard of or seen a email type virus, such as W32/Klez.e@MM, on linux. Another reason to bring the uninitiated into the fold, right LX? Dr John -- J. Craig Woods UNIX/NT Network/System Administration -Art is the illusion of spontaneity-
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
