qjvgpuryy Posted June 15, 2005 Share Posted June 15, 2005 I keep receiving strange e-mails marked "Undeliverable" that appear to be from nonexistent local e-mail addresses. Here is the Tracking URL of one of them. I'm using Pegasus Mail and have no problem reporting, except for these. Can anyone tell me how this can happen? Link to comment Share on other sites More sharing options...
Wazoo Posted June 15, 2005 Share Posted June 15, 2005 I played a bit with Mercury a few years back, but have no knowledge on Pegasus. From what is provided, it sounds like you might need to contact Dave Harris directly to see how to figure out where the traffic is actually coming from (or why pegasus isn't showing that data ..) It is possible that it's a direct-to-MX action, but that still doesn't ecplain the lack of the connecting / source IP ... At any rate, the particular spam item is known to be a virus generated item, the SpamCop version talked about in the Announcements section ... there is talk elsewhere (and right now I don't recall if it was here, over in the newsgroups, one of the anti-virus sites ... (it's been a busy day) .. but the gist of it seems to be some atrocious handling/mangling of e-mails by some anti-virus products and some e-mail servers, in that the 'de-fanging' of the virus also includes stripping header lines from the e-mail for some reason, then forwarding on the garbage that now remains ... like the recipient actually cares that some inknown entity somewhere in the world has an infected system and is sending out e-mail that gets trashed in transport so bad that there's no way to track it back to any kind of source ...???? Link to comment Share on other sites More sharing options...
Jeff G. Posted June 15, 2005 Share Posted June 15, 2005 It looks like your Exchange Server is either infected or not capable of correctly tracking this worm, which is probably one of the variants of what Symantec is calling "W32.Mytob[at]mm". Link to comment Share on other sites More sharing options...
qjvgpuryy Posted June 16, 2005 Author Share Posted June 16, 2005 At any rate, the particular spam item is known to be a virus generated item, the SpamCop version talked about in the Announcements section 29343[/snapback] Didn't connect the two, sorry. the gist of it seems to be some atrocious handling/mangling of e-mails by some anti-virus products and some e-mail servers, in that the 'de-fanging' of the virus also includes stripping header lines from the e-mail for some reason, then forwarding on the garbage that now remains 29343[/snapback] We're using Norton Antivirus and an Exchange Server here. It looks like your Exchange Server is either infected or not capable of correctly tracking this worm 29347[/snapback] I'll have to look into that - I hope it's the second and not the first! Thanks to both of you. P.S. Multiquote is cool! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.