[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Weird message header?

Take a look at 


http://www.spamcop.net

Matth


Am Mittwoch, 27. Dezember 2000 16:09 schrieb Peczoli Zoltan:
> Hi,
>
> Some of my system users periodically receive an Win95.Hybris.Gen.dr
> infected EXE file. I tried to trace down the sender, but unfortunately i'm
> pretty lame interpreting the mail header. It goes like this:
>
> Envelope-to: somebody@mydomain.com
> Received: from [212.108.236.133] (helo=d4t2e9)
>         by mydomain.com with smtp (Exim 3.16 #1 (Debian))
>         id 149C7D-0000vQ-00
>         for <somebody@mydomain.com>; Thu, 21 Dec 2000 21:15:04 +0100
> MIME-Version: 1.0
> Content-Type: multipart/mixed; boundary="--VE74123GD23SXEF4TEZW167"
> Message-Id: <E149C7D-0000vQ-00@mydomain.com>
> From: Remote Mail Delivery System <>
> Bcc:
> Date: Thu, 21 Dec 2000 21:15:04 +0100
> Status:
> X-PMFLAGS: 570949760 0 1 P29A60.CNM
>
> 1. What is the 'Envelope-to' line?
> 2. What was the route of this mail? It looks that my system relayed the
> given host's outgoing mail. It's impossible, I've told exim not to do so
> (I think :)
>
> It's very annoying to get this exe file every month, so if I cannot find
> out who the sender is, it would be great to block these letters. How can I
> do this?
>
> Thanx:
>           Pocok
>
> PS. Please forgive me if I'm too off-topic, I think other admins may find
> the replys useful if this virus occurs to them.
Reply to: