Getting hit with email virus attachments of 75K, how can I block this?

PWSowner

Well-Known Member
Nov 10, 2001
2,901
4
343
ON, Canada
Other than having your default address set to fail, you can't do much. Between my many different POP accounts I've gotten around 100 of them today. I've even gotten a couple of bounce messages from ones I supposedly sent.

Some idiot out there is having fun seeing how many people will launch his attachments. They contain [email protected]
 

Website Rob

Well-Known Member
Mar 23, 2002
1,501
1
318
Alberta, Canada
cPanel Access Level
Root Administrator
Chirpy, which Server-side eMail Virus scanner worked best for you?
 

chirpy

Well-Known Member
Verified Vendor
Jun 15, 2002
13,437
33
473
Go on, have a guess
Well, ClamAV works fine for me as a freely available scanner. Others like fprot and nod32. TBH, I find that the additional file type and file name filters in MailScanner block nearly everything anyway regardless of virus scanning.
 

PWSowner

One thing about these emails that has me puzzled.

I have several email addresses I use that are set as forwarders to one POP account and the default is set to fail, but somehow I'm getting these emails to all different variations. The most recent one is [email protected] but I can't even send email to that. I view the raw file and there are no other addresses in the headers. How can they send emails to something that should fail and get it to me? Chirpy??? ;)
 

wipl

Active Member
Oct 12, 2003
37
0
156
PWSowner said:
One thing about these emails that has me puzzled.

How can they send emails to something that should fail and get it to me? Chirpy??? ;)
Even I'm having the same problem, lotsa domains on which default account is set to fail are still receiving mails on addresses like [email protected] while these kinda email doesn't exist at all. :confused:
 

chirpy

There's a subtle difference in the way emails are routed by the SMTP protocol that you do have to be careful about. Exim does its account checking on the email address using the SMTP protocol exchange at the beginning of delivery using the results from the "RCPT TO: [email protected]" command. That email address does not have to be the same as what appears in the email header for the To: (or other recipient) fields. I would suspect that that's where the confusion/problem is.
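
The envelope/header distinction described in the post above can be checked on a delivered message. The following is an added example, not code from the thread or from Exim: it compares the address the server accepted at RCPT TO with the addresses shown in To:/Cc:. It assumes the local delivery records the envelope recipient in an `Envelope-to:` header or in the `for <...>` clause of the topmost `Received:` header; the sample message and all addresses in it are constructed.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample of a raw delivered message (all names and addresses are
# made up). The envelope recipient is a real forwarder; the To: header is not.
RAW = """\
Envelope-to: sales@example.com
Received: from unknown (HELO host.example.net) (192.0.2.10)
\tby mx.example.com with esmtp id 1AbCdE-000123-XX
\tfor <sales@example.com>; Mon, 01 Mar 2004 10:00:00 -0500
From: someone@example.org
To: nosuchuser@example.com
Subject: Re: your document

body
"""

def envelope_recipients(msg):
    """Addresses the message was accepted for at RCPT TO time."""
    found = set()
    # Assumption: the delivering transport added an Envelope-to: header.
    for value in msg.get_all("Envelope-to", []):
        found.update(a.lower() for _, a in getaddresses([value]) if a)
    # The topmost Received: header is the one written by our own server.
    received = msg.get_all("Received", [])
    if received:
        m = re.search(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", received[0])
        if m:
            found.add(m.group(1).lower())
    return found

def header_recipients(msg):
    """Addresses displayed to the reader in To: and Cc:."""
    values = []
    for name in ("To", "Cc"):
        values.extend(msg.get_all(name, []))
    return {a.lower() for _, a in getaddresses(values) if a}

def explain(raw):
    """Return both recipient sets and the differences between them."""
    msg = message_from_string(raw)
    env, hdr = envelope_recipients(msg), header_recipients(msg)
    return {"envelope": env, "header": hdr,
            "header_only": hdr - env, "envelope_only": env - hdr}

if __name__ == "__main__":
    for key, value in explain(RAW).items():
        print(f"{key}: {sorted(value)}")
```

An address that appears only under `header_only` was never checked by the server; the address under `envelope` is the one that matched a forwarder or mailbox and caused the delivery.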