You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-user@james.apache.org by Marc Chamberlin <ma...@easystreet.com> on 2002/12/10 02:47:58 UTC

bugbear virus

Hi -
I am looking for some suggestions on a new problem that has appeared today... My James server (and me as its postmaster) is getting
hammered with a lot of email bounce notifications from servers all around the world.

As far as I can determine, (am not an expert here!) it appears that someone is sending emails out with a bogus return address that
implies that they are coming from a user of my James server. And all of these servers are trying to report back to me that these
emails could not be delivered for various reasons such as non-existent user, not allowed because I am not a member, and often
because the email is infected with a virus.

Specifically, these email bounces "appear" to be coming from a bogus user (SpitfireVentures@mydomain.com) and many are infected with
the W32.BugBear virus. Often they also appear to have been sent with a subject line of Re:  Make your toilet paper talk!

I have checked my server and can find no evidence of this or any other virus running on it. My virus checker does find evidence of
this virus in the attachments of the emails that are being reported by James to me as the Postmaster (when it reports to me that it
could not deliver these email bounces to this bogus user) and promptly quarantines them....

Any ideas on what I should do about this new mess? I guess I could try and configure James to just bitbucket these bounced emails,
but is that the best/only solution? Do others experience problems such as this one, often? I am relatively new to running an email
server so am trying to gain an understanding of how best to deal with issues such as this...

    Marc....




--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

RE: bugbear virus

Posted by "Noel J. Bergman" <no...@devtech.com>.
Yeah, the latest fad amongst spammers has been to use a sender address for
some other domain.  You might find spam being sent out from your personal
address, and bounced to you because it is rejected.

So long as there is a lack of accountability and confirmed identity there
will be spam.

	--- Noel


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>