I'm hoping that someone can shed some light on this topic for me. From time to time we will have a few users that will recieve multiple "System Undeliverable" emails that look as though there is a virus on their machine that is sending emails out. We run scans and there are no viruses. We run Antivirus at the server and workstation level so we know immediately when a user gets a virus. It almost looks like a virus somewhere is sending emails and spoofing the "from address" as one our users. Then when it hits a bad email address, it's gets kicked back to the spoofed address.....is this possible or can someone explain this to me a little better???
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations biv343 on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Virus related System Undeliverable 1
- Thread starter mofohead
- Start date
-
1
- #2
That is exactly the case and is entirely possible, it doesn't even need to be a bad address just an address that is protected by AV that bounce an infected message back to the "sender".
What happens, and there are lots of viruses that do this (Netsky springs to mind), is that someone gets infected. The virus then looks in his address book and sends itself out to the addresses located in there. But it also pretends to be from one (or more) of the addresses that it finds in the address book.
So, when the infected mail hits the destination system and is bounced (either because of the infection or because of a bad address) it gets returned to the "from" address - the spoofed address.
Unfortunately, there's not alot that you can do about it.
Hope this helps clarify things a bit.
J.
What happens, and there are lots of viruses that do this (Netsky springs to mind), is that someone gets infected. The virus then looks in his address book and sends itself out to the addresses located in there. But it also pretends to be from one (or more) of the addresses that it finds in the address book.
So, when the infected mail hits the destination system and is bounced (either because of the infection or because of a bad address) it gets returned to the "from" address - the spoofed address.
Unfortunately, there's not alot that you can do about it.
Hope this helps clarify things a bit.
J.
To avoid the return of 'bad' addresses, you should disable NDRs to the internet on the MailServer
Marc
If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC!
How Do You Get Great Answers To my Tek-Tips Questions? See faq222-2244
Marc
If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC!
How Do You Get Great Answers To my Tek-Tips Questions? See faq222-2244
- Thread starter
- #4
- Thread starter
- #5
- Thread starter
- #6
- Status
Similar threads
- Locked
- Question