06-05-2006 07:11 PM
I've had 2 reports of this so far today. A message comes in to the recipient, and the sender appears the same. In other words, it looks like the recipient sent this to themselves. However, if you look at the headers, it is coming from the Internet (different servers). Brightmail is marking it as Suspected SPAM.
In the first report, the Subject is '455' and the message body is '5556'. In the second report, the Subject is '586876' and the message body is '969'. That's it. Just the numbers. Nothing funny in the header. It is in HTML format, but nothing funny in the source.
06-06-2006 03:38 AM
We're getting heaps. The Brightmail Plugin doesn't want to report them as spam (as the self-addressed envelope confuses it).
06-06-2006 02:11 PM
At first, I just thought that it was some sort of broken/sterile virus, but the more I think about it, it appears to be some form of SPAM. I dunno. Maybe it's some chickenboner, trying to set up his bulk mail application. The two that were reported to me yesterday were from different servers. Either proxies or a bot net. One was located in Russia, and another in Greece.
Yeah, the good ol' Brightmail Plugin. Doing us a favor by not allowing us to report our own users. I guess you can report them the old fashioned way. I'm beginning to wonder, though, if anyone ever reads those reports.
https://ironport.custhelp.com/cgi-bin/ironport.cfg/php/enduser/std_adp.php?p_faqid=119&p_li=cF91c2VyaWQ9MXJvblAwcnQmcF9wYXNzd2Q9Zm8wQmE1
06-06-2006 02:54 PM
Looks like a worldwide issue.
http://isc.incidents.org/
I'm seeing the same. 30 just since midnight from 30 different domains all around the world.
06-07-2006 02:40 AM
Any workaround for this?
We also got this type the last two days.
06-07-2006 03:04 AM
Two solutions:
1) Contact customer support; they have a recommended filter.
2) Filter/quarantine emails from the Internet which spoof your own domain.
06-08-2006 02:39 AM
Any best practice to use message filters that match from and to?
i.e:
if (mail-from == rcpt-to) {
then..
}
or
if (header('From') == header('To')) {
then..
}
TIA
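The two comparisons asked about above, together with the earlier advice to filter Internet mail that spoofs your own domain, sketched in Python as an added example (not any poster's code and not IronPort message filter syntax). The domain, relay network and sample messages are constructed placeholders, and `classify` is a hypothetical helper name.

```python
import ipaddress
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumed site settings (placeholders): our mail domain and our own relay networks.
LOCAL_DOMAINS = {"example.com"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

def _addr(value):
    """Bare lower-cased address from 'Name <a@b>' or '<a@b>'; '' for the null sender."""
    return parseaddr(value or "")[1].lower()

def classify(raw, mail_from, rcpt_to, remote_ip):
    """Return the reasons an Internet-delivered message looks self-addressed or spoofed."""
    ip = ipaddress.ip_address(remote_ip)
    if any(ip in net for net in INTERNAL_NETS):
        return []  # users may legitimately mail themselves from inside
    msg = message_from_string(raw)
    env_from, env_to = _addr(mail_from), _addr(rcpt_to)
    hdr_from = _addr(msg.get("From"))
    hdr_to = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    reasons = []
    if env_from and env_from == env_to:        # mail-from == rcpt-to
        reasons.append("envelope-from-equals-rcpt")
    if hdr_from and hdr_from in hdr_to:        # header From == header To
        reasons.append("header-from-equals-to")
    # Our own domain as sender, yet the connection came from outside our relays.
    if {env_from.rpartition("@")[2], hdr_from.rpartition("@")[2]} & LOCAL_DOMAINS:
        reasons.append("own-domain-from-external")
    return reasons

# Constructed samples; SPOOF is modelled on the reports in this thread.
SPOOF = "From: alice@example.com\nTo: alice@example.com\nSubject: 455\n\n5556\n"
LEGIT = "From: Bob <bob@partner.test>\nTo: alice@example.com\nSubject: Hi\n\nHello\n"

if __name__ == "__main__":
    cases = [
        ("spoof from Internet", SPOOF, "alice@example.com", "alice@example.com", "203.0.113.7"),
        ("same mail, internal relay", SPOOF, "alice@example.com", "alice@example.com", "10.1.2.3"),
        ("normal inbound", LEGIT, "bob@partner.test", "alice@example.com", "198.51.100.9"),
    ]
    for name, raw, mfrom, rcpt, ip in cases:
        print(f"{name}: {classify(raw, mfrom, rcpt, ip) or 'clean'}")
```

The envelope and header checks are kept separate because a sender can forge the `From:` header while using an unrelated envelope sender, so either comparison alone misses part of the wave.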
06-08-2006 08:24 PM
Our company has Feature request #837 opened on this with IronPort. If you think that it would be helpful for you as well, you could send a message to support and ask to be added to the feature request.
06-12-2006 06:01 PM
Here's the scoop on this wave of spam.
According to Symantec, it's a new Beagle variant which they named W32.Beagle.FC. More information can be found on the link below:
W32.Beagle.FC
06-13-2006 03:05 AM
According to Symantec, it's a new Beagle variant which
06-14-2006 03:29 PM
Since the virus doesn't forward an infected attachment with the email, I doubt that Sophos is blocking it. It's probably either Brightmail or it may just be that the virus isn't very widespread anymore.