I've received 2 email responses in the last 12 hours. 1 was from AOL saying it was rejecting an email from me that I never sent. The other was from a French company saying that I sent them an email with Mydoom in it (I think... I don't read French). The AOL email was addressed directly to me; the French one was addressed to a username that I don't use at my domain (all email sent to the domain, no matter what username, goes to the same mailbox).
I run only Linux and OS X computers, and have not checked my email from any Windows machines, other than through Horde, in the last month. My logs show only normal remote accesses I did via SSH and IMAP (unencrypted), none of which I logged in as root. My maillog from sendmail shows no record of sending the emails that the responses were to.
Can I safely assume that I do not have a virus on my mail server? To my knowledge Mydoom is a Windows-only worm, and I've also heard it spoofs the From address. I'm thinking it's likely that it spoofed 2 addresses which contained my domain in them.
What does everyone else think? Do I have a virus? Should I be worried? Is there a way to check?
-Venkman