From owner-freebsd-questions@FreeBSD.ORG  Wed May 12 20:13:09 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 16C3916A4CF
	for <freebsd-questions@freebsd.org>;
	Wed, 12 May 2004 20:13:09 -0700 (PDT)
Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 681CB43D1D
	for <freebsd-questions@freebsd.org>;
	Wed, 12 May 2004 20:13:08 -0700 (PDT)
	(envelope-from dan@dan.emsphone.com)
Received: (from dan@localhost)
	by dan.emsphone.com (8.12.10/8.12.10) id i4D3CuOM088271;
	Wed, 12 May 2004 22:12:56 -0500 (CDT)
	(envelope-from dan)
Date: Wed, 12 May 2004 22:12:56 -0500
From: Dan Nelson <dnelson@allantgroup.com>
To: Bob Perry <rperry4@earthlink.net>
Message-ID: <20040513031256.GC81440@dan.emsphone.com>
References: <20040513030052.GA706@sphinx.alpha.domain>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040513030052.GA706@sphinx.alpha.domain>
X-OS: FreeBSD 5.2-CURRENT
X-message-flag: Outlook Error
User-Agent: Mutt/1.5.6i
cc: freebsd-questions@freebsd.org
Subject: Re: Return Delivery of Mail I've never Sent
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 13 May 2004 03:13:09 -0000

In the last episode (May 12), Bob Perry said:
> Just setup mutt and I've begun to notice mail return to me indicating
> that it did not pass the server content filter, etc.  The last one
> stated that a virus was found, file name disco.zip, virus name
> W32/Netsky.c@MM!zip and apprarently was found by McAfee Scanning
> Engine (4359/4.3.20).  What makes it worse is that the recipient is
> not recognizable.
> 
> I understand that my system can be used as a mail relay and would
> like to know how to combat this.  Can anyone point me in the right
> direction so that I can quickly resolve this issue?

Most likely the original email never touched your system.  A virus that
selects random sender and recipients from the infected machine's
addressbook sent a message to another system with a misconfigured virus
scanner that attempted to notify the sender that they're infected (even
though viruses have been forging the sender address for years).

-- 
	Dan Nelson
	dnelson@allantgroup.com