Hello,
I have been searching around the forums for a bit looking through threads but cant seem to find a definative answer.
Problem:
We are being hammered by a person who is infected with NetSky, see example header below:
Return-Path: <sam@engr.sgi.com>
Delivered-To: maillog@ms04.langs.net.au
Received: (qmail 12924 invoked by alias); 26 Jul 2004 00:33:24 -0000
Delivered-To: alias-localdelivery-maillog@langs.net.au
Received: (qmail 12907 invoked from network); 26 Jul 2004 00:33:24 -0000
Received: from rdlax12-b234.dialup.optusnet.com.au (HELO langs.net.au) (198.142.42.234)
by ms04.langs.net.au (xxx.xxx.xxx.xxx) with ESMTP; 26 Jul 2004 00:33:08 -0000
From: sam@engr.sgi.com
To: rachael@langs.net.au
Subject: Re: Your picture
Date: Mon, 26 Jul 2004 10:32:52 +1000
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0006_00005FAD.000026FB"
X-Priority: 3
X-MSMail-Priority: Normal
X-BitDefender-Scanner: Clean, Agent: Qmail 1.5.6 (ms04)
Everyday we recieve about 100 or so of these. Now we are running BitDefender and it works fine, but I would like to put something infront of BitDefender so that it looks to see that the from address is the same as the originating server, in this case it always come from a different IP/host but it always has the end of the address end in dialup.optusnet.com.au.
I have emailed Optus and complained but have not seen any action, nor do I expect it.
So any suggestions how to stop this?
Thanks for your time!
Cyrus Bharda
3 Replies
726 Views