Infected mails from mydomain

Jim Holland mailscanner at MANGO.ZW
Wed Jan 4 18:55:44 GMT 2006


On Wed, 4 Jan 2006, Matt Kettler wrote:

> Date: Wed, 4 Jan 2006 13:11:58 -0500
> From: Matt Kettler <mkettler at EVI-INC.COM>
> Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
> Subject: Re: Infected mails from mydomain
> Chris Boyd wrote:
> > Am i getting these messages sent to my admin alias (ie admin at because someone is spoofing my email address and sending out infected attachments? 
> Given that Symantec found a Sober variant virus in it, I'd say with 99.9999%
> certainty that forgery is the case. Sober tries hard to always forge the
> return-path and From: headers.

While that is true, I would put the explanation the other way around:  
Chris Boyd is receiving these notices because Symantec stupidly bounces
known viruses back to the spoofed sender address.  Whenever I get one of
these bounces I send back a polite but firm response to the system sending
it pointing out the unacceptability of this annoying behaviour (and
suggesting that they switch to MailScanner of course).


Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki ( and
the archives (

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list