The IP address? It stays the same, regardless of the spoofed reply address.
Tom

----- Original Message -----
From: "Katie La Salle-Lowery" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, August 21, 2003 12:08 PM
Subject: [IMail Forum] WAY OT--Tracking Sobig

| Hi all,
|
| Those who don't want to waste their time on non-Imail issues please move
| on now...
|
| I have a connectivity customer who has a GroupWise mail server behind a
| Symantec Gateway. Sobig isn't getting through to his mail server.
| However, the quantity is such that the Symantec Gateway is so overworked
| that his legit mail is suffering a massive slow-down. He has observed
| that Sobig spoofs the sending address. I observed the same when we got
| a message to an alias saying that the alias address had sent Sobig.
| He's wondering if there is a way to track it back and notify the owner
| of the infected machine and thereby hopefully reduce the volume they are
| receiving.
|
| I've asked him to send me the headers from a quarantined message so I
| can investigate. His first attempt to do so was unopenable to me. I'm
| awaiting his next attempt.
|
| Has anyone had experience or any suggestions for tracking Sobig? I
| haven't seen any samples of Sobig.F. YEAH for Imail rules! Maybe not
| perfect but helpful, anyway...
|
| Thanks,
| Katie
|
| To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
| List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
| Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
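
An added illustration of the reply above, not part of the original thread: the From line is supplied by the sender and can be forged, while the Received line stamped by a gateway you operate records the IP address that actually connected. The hostname gateway.example.org, the TRUSTED_GATEWAYS set and the sample message are constructed assumptions.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample (not a real capture): a forged From line, one Received
# line stamped by our own gateway, and one older line supplied by the sender.
SAMPLE = """\
Received: from smtp.example.net (unknown [203.0.113.45])
\tby gateway.example.org with ESMTP id ABC123;
\tThu, 21 Aug 2003 12:01:00 -0600
Received: from mail.other.example ([198.51.100.7])
\tby relay.unknown.example with SMTP; Thu, 21 Aug 2003 11:59:00 -0600
From: alias@example.org
To: user@example.org
Subject: constructed sample

body
"""

TRUSTED_GATEWAYS = {"gateway.example.org"}  # assumption: hosts we operate
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def connecting_ip(raw, trusted=TRUSTED_GATEWAYS):
    """Return the peer IP recorded by the newest trusted hop, or None."""
    msg = email.message_from_string(raw, policy=policy.default)
    for hdr in msg.get_all("Received", []):      # newest hop is listed first
        text = " ".join(str(hdr).split())        # unfold continuation lines
        by = BY_RE.search(text)
        if not by or by.group(1).lower() not in trusted:
            continue                             # not written by our gateway
        for cand in IP_RE.findall(text[:by.start()]):
            try:
                return str(ipaddress.ip_address(cand))
            except ValueError:
                continue                         # bracketed text, not an IP
        return None                              # trusted hop logged no IP
    return None                                  # no trusted hop in headers

if __name__ == "__main__":
    print(connecting_ip(SAMPLE))
```

Anything below the first trusted Received line was in the message when it arrived and should be treated as unverified.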
