Ok let me get this one straight!
The IP address that shows up in the remote IP address block is a legit
way to track these? So in the returned mail below the guilt party would
be:
65.218.223.194 or ns1.nnmt.net. (an authoritative nameserver for
223.218.65.in-addr.arpa., which is in charge of the reverse DNS for
65.218.223.194)
says that there are no PTR records for 65.218.223.194.
Is it possible that the virus is spoofing these messages ip?
postmaster message with headers below!!!!
Declude Virus v1.61 caught the W32/[EMAIL PROTECTED] virus in
document_9446.pif from [EMAIL PROTECTED] to: [EMAIL PROTECTED]
Date: 08/21/2003 10:51:18
Subject: Re: Approved
Spool File: Dea6f01da019671d5.SMD
Remote IP: 65.218.223.194
Headers:
Received: from SUPERINTENDENT [65.218.223.194] by XXXX.XXXXXXXXXX.com
with ESMTP(SMTPD32-7.13) id AA6F1DA0196; Thu, 21 Aug 2003 10:51:11 -0500
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Re: Approved
Date: Thu, 21 Aug 2003 9:32:44 --0600
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="_NextPart_000_007425F7"
Message-Id: <[EMAIL PROTECTED]>
---
[This email has been prescanned for viruses by Declude and F-Prot]
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
