I have W32.soberx@mm virus mails delivering to a different address than the mail is sent to. For example, the mail is addressed to "mailingbox@<domain>". But it delivered to a user mailbox, and that user has no matching SMTP address.
I'm a little confused on how it is delivering to his mailbox. Others came in and went to "all users" although addresses to a single address "Bruce@<domain>".
Ideas?
Here are the headers from a recent one.
**********************
Microsoft Mail Internet Headers Version 2.0
Received: from mail.<domain name> ([10.53.5.235]) by <Mail server name> with Microsoft SMTPSVC(6.0.3790.211); Tue, 22 Nov 2005 06:35:22 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Received: from ffkpmbjsd.edu ([24.248.44.3] RDNS failed) by <Front end server name> with Microsoft SMTPSVC(6.0.3790.0); Tue, 22 Nov 2005 06:35:22 -0500
From: <fisch.mathias@mayo.edu>
To: <mailingbox@<domain name>>
Date: Tue, 22 Nov 2005 11:24:37 GMT
Subject: hi, ive a new mail address
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
Message-ID: <faa9.cdf38e1ebad9@<domain name>>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="=26fbe08badc.b904cefd638"
Content-Transfer-Encoding: 7bit
Return-Path: <fisch.mathias@mayo.edu>
X-OriginalArrivalTime: 22 Nov 2005 11:35:23.0098 (UTC) FILETIME=[D34AC3A0:01C5EF58]
--=26fbe08badc.b904cefd638
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
--=26fbe08badc.b904cefd638
Content-Description: Quarantined Attachment Report
Content-Type: text/plain;
name="Quarantined Attachment.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="Quarantined Attachment.txt"
--=26fbe08badc.b904cefd638--
I'm a little confused on how it is delivering to his mailbox. Others came in and went to "all users" although addresses to a single address "Bruce@<domain>".
Ideas?
Here are the headers from a recent one.
**********************
Microsoft Mail Internet Headers Version 2.0
Received: from mail.<domain name> ([10.53.5.235]) by <Mail server name> with Microsoft SMTPSVC(6.0.3790.211); Tue, 22 Nov 2005 06:35:22 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Received: from ffkpmbjsd.edu ([24.248.44.3] RDNS failed) by <Front end server name> with Microsoft SMTPSVC(6.0.3790.0); Tue, 22 Nov 2005 06:35:22 -0500
From: <fisch.mathias@mayo.edu>
To: <mailingbox@<domain name>>
Date: Tue, 22 Nov 2005 11:24:37 GMT
Subject: hi, ive a new mail address
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
Message-ID: <faa9.cdf38e1ebad9@<domain name>>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="=26fbe08badc.b904cefd638"
Content-Transfer-Encoding: 7bit
Return-Path: <fisch.mathias@mayo.edu>
X-OriginalArrivalTime: 22 Nov 2005 11:35:23.0098 (UTC) FILETIME=[D34AC3A0:01C5EF58]
--=26fbe08badc.b904cefd638
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
--=26fbe08badc.b904cefd638
Content-Description: Quarantined Attachment Report
Content-Type: text/plain;
name="Quarantined Attachment.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="Quarantined Attachment.txt"
--=26fbe08badc.b904cefd638--