Has anyone noticed email sitting in the queue from this email address? I have two servers and there is mail on both servers with this same return address. Each email has a virus attached. They seem to originate from different IP addresses or are spoofed. Here is a sample from one of them:

[quote:602ac91469]
Return-path:
Received: from cable-213-132-133-57.upc.chello.be ([126.96.36.199] helo=IMEDIA-VDB)
    by xxxxxxxxxxx.net with esmtp (Exim 3.36 #1)
    id 18YWHl-00045V-00
    for email@example.com; Tue, 14 Jan 2003 13:59:41 -0500
From:
To:
Subject: Re: Movies
Date: Tue, 14 Jan 2003 20:01:23 +0100
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="CSmtpMsgPart123X456_000_01BD22CB"
Message-Id:

This is a multipart message in MIME format

--CSmtpMsgPart123X456_000_01BD22CB
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Attached file:

--CSmtpMsgPart123X456_000_01BD22CB
Content-Type: application/octet-stream; name="Document003.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document003.pif
[/quote:602ac91469]

Since the IP address is different there isn't a way to block based on that. Is there a way to block based on the return address?
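An added example, not part of the original post and not Exim configuration: a Python check that can be run over a message saved from the queue, flagging it by return address and by attachment extension. The sender address, the blocklist, the extension list and the function name are assumptions; the sample message is constructed from the header values quoted above.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the quoted headers. The post does not show
# the real return address, so a placeholder is used here.
SAMPLE = """\
Return-path: <sender@example.invalid>
From: <sender@example.invalid>
To: <user@example.com>
Subject: Re: Movies
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="CSmtpMsgPart123X456_000_01BD22CB"

This is a multipart message in MIME format
--CSmtpMsgPart123X456_000_01BD22CB
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Attached file:
--CSmtpMsgPart123X456_000_01BD22CB
Content-Type: application/octet-stream; name="Document003.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document003.pif"

AAAA
--CSmtpMsgPart123X456_000_01BD22CB--
"""

BLOCKED_SENDERS = {"sender@example.invalid"}      # assumption: placeholder
RISKY_EXTENSIONS = (".pif", ".scr", ".exe", ".bat")  # assumption: local policy

def quarantine_reasons(raw, blocked=BLOCKED_SENDERS):
    """Return the reasons a saved message should be held, or [] if none."""
    msg = message_from_string(raw)
    reasons = []
    # Return-path records the envelope sender; compare it case-insensitively.
    sender = parseaddr(msg.get("Return-path", ""))[1].lower()
    if sender in blocked:
        reasons.append("sender:" + sender)
    # The sender is chosen by whoever sent the mail, so also check every MIME
    # part for an executable attachment name; that check survives a new sender.
    for part in msg.walk():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXTENSIONS):
            reasons.append("attachment:" + name)
    return reasons
```
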