Weird message header?

To: Debian user list <debian-user@lists.debian.org>
Subject: Weird message header?
From: Peczoli Zoltan <pocok@pcdome.hu>
Date: Wed, 27 Dec 2000 23:09:23 +0100 (CET)
Message-id: <[🔎] Pine.LNX.4.21.0012272251060.13483-100000@pcdome.hu>

Hi, 

Some of my system users periodically receive an Win95.Hybris.Gen.dr
infected EXE file. I tried to trace down the sender, but unfortunately i'm
pretty lame interpreting the mail header. It goes like this:

Envelope-to: somebody@mydomain.com
Received: from [212.108.236.133] (helo=d4t2e9)
        by mydomain.com with smtp (Exim 3.16 #1 (Debian))
        id 149C7D-0000vQ-00
        for <somebody@mydomain.com>; Thu, 21 Dec 2000 21:15:04 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--VE74123GD23SXEF4TEZW167"
Message-Id: <E149C7D-0000vQ-00@mydomain.com>
From: Remote Mail Delivery System <>
Bcc:
Date: Thu, 21 Dec 2000 21:15:04 +0100
Status:   
X-PMFLAGS: 570949760 0 1 P29A60.CNM

1. What is the 'Envelope-to' line? 
2. What was the route of this mail? It looks that my system relayed the
given host's outgoing mail. It's impossible, I've told exim not to do so
(I think :)

It's very annoying to get this exe file every month, so if I cannot find
out who the sender is, it would be great to block these letters. How can I
do this?

Thanx:
          Pocok

PS. Please forgive me if I'm too off-topic, I think other admins may find
the replys useful if this virus occurs to them.

Reply to:

Follow-Ups:
- Re: Weird message header?
  - From: kmself@ix.netcom.com
- Re: Weird message header?
  - From: Bob Bernstein <poobah@ruptured-duck.com>
- Re: Weird message header?
  - From: matthschulz <matthschulz1@worldnet.att.net>

Prev by Date: Re: lilo.conf -modifying
Next by Date: Re: lilo.conf -modifying
Previous by thread: Re: Apache Error: srm.conf
Next by thread: Re: Weird message header?
Index(es):
- Date
- Thread