[Techtalk] Re: [Issues] Klez

[Terri Oda]

>Anyone feel like posting a "How to examine mail headers" howto or
>link?
>
>It occurs to me that with Klez rampant, we are all going to get
>lots of practice at this...

My favourite header for Klez is the Return-Path: which *seems* to actually 
give me the correct email address.  At least, this is the email address 
that jives with the rest of the headers.  (As in, if the mail seems to have 
come from MyDomain.com and the header says Return-Path: <Amy at MyDomain.com> 
then I figure it's likely that Amy is the viral carrier at the moment, not 
whoever the From: address appears to be.)

Unfortunately, this is one of the headers eaten by mailman when someone 
sends a virus to *-admin at linuxchix.org, but it comes through just fine when 
they're sent for moderation.  Unfortunately, I didn't really keep a list of 
such addresses, so I don't really know who the culprits on linuxchix are 
aside from the 6 addresses I dumped into a temporary file one day as I was 
doing moderations:
         <montgomery at inbox.ru>
         <ILNORMAN at PRODIGY.NET>
         <jenkinsmarietta at panola.com>
         <obdjr01 at cox.net>
         <greens at cyberus.ca>
         <njco05 at dreamscape.com>

  Terri