RE: SirCam Virus Problem Exchange Server
I would not be suprised if these messages do NOT originate from home.com. You need to check the headers of the messages, see where they are actually coming from, then blacklist the systems and notify their admins. Download one of these messages at a machine prefarably using Eudora, Netscape or some other mailer. Outlook Express is also OK as long as you don´t open the attachment. Highlight the message and check for the internet headers (in Outlook Express you´d right-click the message and click Properties and then details). You´ll get something similar to: -- eceived: from [212.49.88.8] by formnet-svr.form-net.com with smtp id 0d353784 ; Tue, 25 Sep 2001 13:06:54 +0300 Received: from mail.rwc-colo.redhat.com (nat-2.rwc.redhat.com [216.148.218.135]) by relay.form-net.com (8.11.6/8.11.0) with ESMTP id f8PA4Xf18795 for [EMAIL PROTECTED]; Tue, 25 Sep 2001 13:04:33 +0300 Received: from scripts.rwc-colo.redhat.com (scripts.rwc-colo.redhat.com [10.255.16.141]) by mail.rwc-colo.redhat.com (8.9.3/8.9.3) with ESMTP id FAA29656 for [EMAIL PROTECTED]; Tue, 25 Sep 2001 05:59:08 -0400 Received: (from root@localhost) by scripts.rwc-colo.redhat.com (8.9.3/8.9.3) id FAA11952; Tue, 25 Sep 2001 05:01:13 -0500 Date: Tue, 25 Sep 2001 05:01:13 -0500 This way you can block the offending systems using their IP addresses. Steve. Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mode=0lang=english
RE: SirCam Virus Problem Exchange Server
On your Exchange server, go to the IMC properties, Connections tab, Message Filtering. Enter in the offending home.com address and then restart your IMC. You can check on the box to have the messages automatically deleted instead of accumulating in the TurfDir on the server. Hunter -Original Message- From: Murray Freeman [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 9:22 AM To: NT System Admin Issues Subject: SirCam Virus Problem Exchange Server Our webmaster seems to have found a friend who apparently doesn't know she has the SirCam virus. We're being sent hundreds of emails from this one account to our webmaster. We've set up a rule to forward all these emails to our webmasters delete folder, but apparently that's creating problems as well. Our webmaster doesn't want us to shut down that alias, so does anyone have any other ideas to somehow eliminate the problem. All the email is coming from an address at HOME.COM. Murray http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: SirCam Virus Problem Exchange Server
Install some Email Virus protection, and let it deal with the infected messages. Or block that domain at your internet mail connector. Trend ScanMail is a good antivirus package, and you can easily block a particular domain, or even a single user from a domain, in your IMC properties box. Glenn Sullivan, MCSE+I MCDBA David Clark Company Inc. -Original Message- From: Murray Freeman [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 11:22 AM To: NT System Admin Issues Subject: SirCam Virus Problem Exchange Server Our webmaster seems to have found a friend who apparently doesn't know she has the SirCam virus. We're being sent hundreds of emails from this one account to our webmaster. We've set up a rule to forward all these emails to our webmasters delete folder, but apparently that's creating problems as well. Our webmaster doesn't want us to shut down that alias, so does anyone have any other ideas to somehow eliminate the problem. All the email is coming from an address at HOME.COM. Murray http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: SirCam Virus Problem Exchange Server
You can clock all email from @home.com in the IMC. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Murray Freeman [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 11:22 AM To: NT System Admin Issues Subject: SirCam Virus Problem Exchange Server Our webmaster seems to have found a friend who apparently doesn't know she has the SirCam virus. We're being sent hundreds of emails from this one account to our webmaster. We've set up a rule to forward all these emails to our webmasters delete folder, but apparently that's creating problems as well. Our webmaster doesn't want us to shut down that alias, so does anyone have any other ideas to somehow eliminate the problem. All the email is coming from an address at HOME.COM. Murray http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Re: SirCam Virus Problem Exchange Server
Sounds like EXACTLY the same thing I'm going through - a Home.com user's system is peppering my inbox with infected messages. Unfortunately, the messages don't have a From address, so there's no way to contact the sender about the problem! I tried sending a message about it to [EMAIL PROTECTED], but just got a form e-mail in reply. (Hint: If you don't want to receive the SirCam form e-mail from Home.com, don't mention SirCam in your message). In my second attempt, I replaced SirCam with S*i*r*C*a*m and received a different form e-mail. No further response as yet. so, at the moment I'm trying to configure my e-mail server to treat the home.com server (will specifically sdc1.sfba.home.com) as a spam relay, and block all e-mail from that server. When the hundreds of infected messages remain on their server instead of getting delivered to mine, perhaps then they'll pay more attention to the problem :-). Regards, Brian - Original Message - From: Murray Freeman [EMAIL PROTECTED] To: NT System Admin Issues [EMAIL PROTECTED] Sent: Monday, September 24, 2001 11:22 AM Subject: SirCam Virus Problem Exchange Server Our webmaster seems to have found a friend who apparently doesn't know she has the SirCam virus. We're being sent hundreds of emails from this one account to our webmaster. We've set up a rule to forward all these emails to our webmasters delete folder, but apparently that's creating problems as well. Our webmaster doesn't want us to shut down that alias, so does anyone have any other ideas to somehow eliminate the problem. All the email is coming from an address at HOME.COM. Murray http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: SirCam Virus Problem Exchange Server
Is there no way you can bounce the message back to the originator ? or just reject the messages totally. Most AV Software has an option to send a message back to the sender with a configurable message to tell the person to get their AV software sorted out :-) Regards Davidt -Original Message- From: Murray Freeman [mailto:[EMAIL PROTECTED]] Sent: 24 September 2001 16:22 To: NT System Admin Issues Subject: SirCam Virus Problem Exchange Server Our webmaster seems to have found a friend who apparently doesn't know she has the SirCam virus. We're being sent hundreds of emails from this one account to our webmaster. We've set up a rule to forward all these emails to our webmasters delete folder, but apparently that's creating problems as well. Our webmaster doesn't want us to shut down that alias, so does anyone have any other ideas to somehow eliminate the problem. All the email is coming from an address at HOME.COM. Murray http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: SirCam Virus Problem Exchange Server
Murray, You can block that email domain or address from your system using message filtering under the Internet Mail Service properties in Exchange. Andy -Original Message- From: Murray Freeman [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 10:22 AM To: NT System Admin Issues Subject: SirCam Virus Problem Exchange Server Our webmaster seems to have found a friend who apparently doesn't know she has the SirCam virus. We're being sent hundreds of emails from this one account to our webmaster. We've set up a rule to forward all these emails to our webmasters delete folder, but apparently that's creating problems as well. Our webmaster doesn't want us to shut down that alias, so does anyone have any other ideas to somehow eliminate the problem. All the email is coming from an address at HOME.COM. Murray http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: SirCam Virus Problem Exchange Server
I actually have a single email address from home.com, and have tried contacting home as you have to no avail. I tried faxing to the number listed at Register.com, and it's not a fax machine. Let me know what happens and I'll do the same. Murray -Original Message- From: Brian Steele [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 10:39 AM To: NT System Admin Issues Subject: Re: SirCam Virus Problem Exchange Server Sounds like EXACTLY the same thing I'm going through - a Home.com user's system is peppering my inbox with infected messages. Unfortunately, the messages don't have a From address, so there's no way to contact the sender about the problem! I tried sending a message about it to [EMAIL PROTECTED], but just got a form e-mail in reply. (Hint: If you don't want to receive the SirCam form e-mail from Home.com, don't mention SirCam in your message). In my second attempt, I replaced SirCam with S*i*r*C*a*m and received a different form e-mail. No further response as yet. so, at the moment I'm trying to configure my e-mail server to treat the home.com server (will specifically sdc1.sfba.home.com) as a spam relay, and block all e-mail from that server. When the hundreds of infected messages remain on their server instead of getting delivered to mine, perhaps then they'll pay more attention to the problem :-). Regards, Brian - Original Message - From: Murray Freeman [EMAIL PROTECTED] To: NT System Admin Issues [EMAIL PROTECTED] Sent: Monday, September 24, 2001 11:22 AM Subject: SirCam Virus Problem Exchange Server Our webmaster seems to have found a friend who apparently doesn't know she has the SirCam virus. We're being sent hundreds of emails from this one account to our webmaster. We've set up a rule to forward all these emails to our webmasters delete folder, but apparently that's creating problems as well. Our webmaster doesn't want us to shut down that alias, so does anyone have any other ideas to somehow eliminate the problem. All the email is coming from an address at HOME.COM. Murray http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: SirCam Virus Problem Exchange Server
Block the offending sender email addy in the IMS? -Original Message- From: Murray Freeman [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 8:22 AM To: NT System Admin Issues Subject: SirCam Virus Problem Exchange Server Our webmaster seems to have found a friend who apparently doesn't know she has the SirCam virus. We're being sent hundreds of emails from this one account to our webmaster. We've set up a rule to forward all these emails to our webmasters delete folder, but apparently that's creating problems as well. Our webmaster doesn't want us to shut down that alias, so does anyone have any other ideas to somehow eliminate the problem. All the email is coming from an address at HOME.COM. Murray http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: SirCam Virus Problem Exchange Server
Is that Exchange 5.5 or Exchange 2k? If it's 5.5 you can ban email from any specific subnet or individual hosts. Open Exchange Admin In Connections you'll find your Inernet Mail Service, open the properties for it. Click on the connections Tab In the lower left you'll see Accept Connections section and click on the Specify By Host button. Click Add Plug in this persons IP and netmask. If you're gonna ban the subnet, replace the last octet of their IP with a zero and use 255.255.255.0. If you only want to ban their their mail server use the specific address with a subnet of 255.255.255.255. (If you need examples of this feel free to ask) Select the Reject connection from this Host radio button, hit ok and you're good to go. You may have to restart the internet mail service from the Services Panel. Good Luck! -Original Message- From: Murray Freeman [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 11.22 am To: NT System Admin Issues Subject: SirCam Virus Problem Exchange Server Our webmaster seems to have found a friend who apparently doesn't know she has the SirCam virus. We're being sent hundreds of emails from this one account to our webmaster. We've set up a rule to forward all these emails to our webmasters delete folder, but apparently that's creating problems as well. Our webmaster doesn't want us to shut down that alias, so does anyone have any other ideas to somehow eliminate the problem. All the email is coming from an address at HOME.COM. Murray http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: SirCam Virus Problem Exchange Server
Assuming you're using Exchange, try going into Exchange Admin and configuring the mailbox for the webmaster to reject messages from that sender. After she straightens it out, you can reconfigure to accept again (if you want). It's under the delivery restrictions tab. Wade M. Walters Network Services GDS Engineers, Inc. [EMAIL PROTECTED] 713-295-4800 -Original Message- From: Murray Freeman [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 10:22 AM To: NT System Admin Issues Subject:SirCam Virus Problem Exchange Server Our webmaster seems to have found a friend who apparently doesn't know she has the SirCam virus. We're being sent hundreds of emails from this one account to our webmaster. We've set up a rule to forward all these emails to our webmasters delete folder, but apparently that's creating problems as well. Our webmaster doesn't want us to shut down that alias, so does anyone have any other ideas to somehow eliminate the problem. All the email is coming from an address at HOME.COM. Murray http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Re: SirCam Virus Problem Exchange Server
NAI (formerly McAfee) has a really good product called GroupShield which does a fine job of screening files for viruses. It's part of the TVD suite. JJ *** Jeff Johnson MCSE+I, MCSE 2k Network Engineer Triple S Plastics *** Murray Freeman MFreeman@alan To: NT System Admin Issues [EMAIL PROTECTED] et.org cc: Subject: SirCam Virus Problem Exchange Server 09/24/2001 11:22 AM Please respond to NT System Admin Issues Our webmaster seems to have found a friend who apparently doesn't know she has the SirCam virus. We're being sent hundreds of emails from this one account to our webmaster. We've set up a rule to forward all these emails to our webmasters delete folder, but apparently that's creating problems as well. Our webmaster doesn't want us to shut down that alias, so does anyone have any other ideas to somehow eliminate the problem. All the email is coming from an address at HOME.COM. Murray http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: SirCam Virus Problem Exchange Server
This is what I meant instead of IIS Paul Rudolph, MCSE; MCP+Internet; CCA perotsystems GIS-Server Technology Group -Original Message- From: Andy Cottrell [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 11:01 AM To: NT System Admin Issues Subject:RE: SirCam Virus Problem Exchange Server Murray, You can block that email domain or address from your system using message filtering under the Internet Mail Service properties in Exchange. Andy -Original Message- From: Murray Freeman [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 10:22 AM To: NT System Admin Issues Subject: SirCam Virus Problem Exchange Server Our webmaster seems to have found a friend who apparently doesn't know she has the SirCam virus. We're being sent hundreds of emails from this one account to our webmaster. We've set up a rule to forward all these emails to our webmasters delete folder, but apparently that's creating problems as well. Our webmaster doesn't want us to shut down that alias, so does anyone have any other ideas to somehow eliminate the problem. All the email is coming from an address at HOME.COM. Murray http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm