Koozali.org: home of the SME Server

virus or something like it?

needbeer

virus or something like it?
« on: February 08, 2004, 06:06:03 AM »
Greetings,
I am running SME 6.0 and am seeing something odd. I am getting emails that have some type of failure message in the subject line and in the body there is a description of why the original email failed.  The odd part is the emails are originating from my domain (or at least that is how they appear) but being sent from users that do not exist in my domain. There are only 4 users configured in my domain and the majority of these failed emails are coming from people that do not have mail accounts on my SME server.
Has my server been hijacked? Being used as relay?
Any ideas on the cause and how I can fix it?
I think some of the emails being sent from my domain might contain one of the new viruses floating about.

Any help would be appreciated.

pete

virus or something like it?
« Reply #1 on: February 08, 2004, 06:23:37 AM »
Nah, have a look at the 'features' of some of the popular viruses, mydoom does exactly what you're describing.

It will find an outlook user who has received mail from one of your users, grab the sender address and a random recipient address and form an email, it will bounce and bounce back to you, seemingly occurring from your network...as long as the attachment is no longer present it's just an annoyance.

needbeer

Virus or something like it
« Reply #2 on: February 08, 2004, 05:49:45 PM »
Thanks Pete. A little more detail just so I understand what is happening here. Both of the machines at my house are Macs running OSX v10.2.8. We are both using Mac Mail v1.2.5. Both are running Norton AV and are kept up to date.

When the email comes back it says "Returned Mail: See Transcript for Details" and the message body will state the reason (unknown recipient, virus detected, etc...). The original mail that is being returned to me has an email address seemingly from my domain but the actual sender does not exist in my domain.

So that I understand, these are messages being sent to me that originated on someone else's infected machine and are being built to look like a returned email and sent to me?

If that's the case.... Pretty clever.

Thanks for your help.
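Added example (not code from this thread or from SME Server): a small triage script for the situation described in Reply #1 and Reply #2. It pulls the From address of the returned message out of each bounce, either from the attached message/rfc822 part of a real delivery-status report or from the headers quoted in a plain-text bounce, and checks it against the list of mailboxes that really exist on the server. A bounce for a sender that is in our domain but is not one of our users is backscatter from a forged address and nothing actually left the server; a bounce for a real user is the only kind worth checking further. The domain `example.com`, the four user names and the three bounce messages are constructed for the example; the mailbox list is an assumption standing in for the four accounts the original post mentions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed values: the post mentions four configured users but names neither
# them nor the domain, so these stand in for the real ones.
LOCAL_DOMAIN = "example.com"
LOCAL_USERS = {"pete", "alice", "bob", "carol"}


def original_sender(bounce: EmailMessage) -> str:
    """Return the From address of the message a bounce claims to return.

    Proper delivery-status reports carry the returned message as a
    message/rfc822 part; cheaper bounces only quote its headers in the
    text body, so fall back to scanning that text for a 'From:' line.
    """
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            inner = part.get_payload(0)  # the returned message itself
            return parseaddr(str(inner.get("From", "")))[1].lower()
    body = bounce.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    match = re.search(r"^\s*From:\s*(.+?)\s*$", text, re.M | re.I)
    return parseaddr(match.group(1))[1].lower() if match else ""


def classify_bounce(raw: str) -> str:
    """Label one raw bounce by what its returned-message sender tells us."""
    msg = message_from_string(raw, policy=policy.default)
    local_part, _, domain = original_sender(msg).partition("@")
    if domain != LOCAL_DOMAIN:
        return "not-our-domain"          # someone else's problem entirely
    if local_part in LOCAL_USERS:
        return "bounce-for-real-user"    # worth a look in the mail log
    return "backscatter-forged-sender"   # no such mailbox: forged From


def triage(raw_bounces):
    """Count bounces per label so a day's worth can be summarised at a glance."""
    counts = {}
    for raw in raw_bounces:
        label = classify_bounce(raw)
        counts[label] = counts.get(label, 0) + 1
    return counts


# Constructed sample bounces (not real mail).
RAW_FORGED = """\
From: MAILER-DAEMON@mail.elsewhere.net
To: pete@example.com
Subject: Returned Mail: See Transcript for Details
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

The original message was received but could not be delivered: unknown recipient
--b1
Content-Type: message/rfc822

From: ghost7421@example.com
To: someone@elsewhere.net
Subject: hi

body
--b1--
"""

RAW_REAL_USER = """\
From: MAILER-DAEMON@relay.example.net
To: pete@example.com
Subject: Returned Mail: See Transcript for Details
Content-Type: text/plain

The following message could not be delivered:

   From: pete@example.com
   To: friend@elsewhere.net
   Subject: photos

Reason: virus detected
"""

RAW_OTHER = """\
From: MAILER-DAEMON@mail.elsewhere.net
To: pete@example.com
Subject: Returned Mail: See Transcript for Details
Content-Type: text/plain

Your message was rejected.

   From: admin@other.org
   To: pete@example.com
"""

if __name__ == "__main__":
    for raw in (RAW_FORGED, RAW_REAL_USER, RAW_OTHER):
        print(classify_bounce(raw))
    print(triage([RAW_FORGED, RAW_REAL_USER, RAW_OTHER]))
```

Only the "bounce-for-real-user" pile says anything about the server itself; the "backscatter-forged-sender" pile is exactly the mydoom pattern Reply #1 describes, and the useful follow-up there is confirming that the bounced message was never sent from the server's own queue.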