For some time now (that is, only the last several weeks) I have been receiving virus mail that was delivered to the secondary MX (rollernetwork).
After all, it looks like this:
bla bla bla ......BANNED CONTENTS ALERT
Our content checker found
banned name: P=p003,L=1,M=multipart/mixed | P=p002,L=1/2,M=application/octet-stream,T=zip,N=information.zip | P=p004,L=1/2/1,T=exe,T=exe-ms,N=information.txt ... .exe | P=p005,L=1/2/1/1,T=empty,N=1979
in email presumably from you (<webmaster@kesor.net>),
to the following recipient:
-> mike@kesor.net
What I see in these headers is that some virus host is identifying as my server, and thus rollernetwork allows him to send mail to users on my network (even though no such user exists, but that's another issue).
For your reference, here are headers from your email:
------------------------- BEGIN HEADERS -----------------------------
Return-Path: <webmaster@kesor.net>
Received: from mail2.rollernet.us (mail2.rollernet.us [66.224.163.2])
    by monster.kesor.net (Postfix) with ESMTP id 61F1C27
    for <mike@kesor.net>; Fri, 10 Jun 2005 21:31:32 +0300 (IDT)
X-RollerNet-Abuse: Roller Network SMTP Services. Please read http://rollernet.us/abuse.php
Received: from kesor.net (bzq-82-80-218-220.red.bezeqint.net [82.80.218.220])
    by mail2.rollernet.us (Postfix) with ESMTP id C2FEC621369
    for <mike@kesor.net>; Fri, 10 Jun 2005 11:31:19 -0700 (PDT)
From: webmaster@kesor.net
To: mike@kesor.net
Subject: WEL
Date: Fri, 10 Jun 2005 20:31:28 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0002_B1687C6F.86E5A1A3"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <20050610183119.C2FEC621369@mail2.rollernet.us>
-------------------------- END HEADERS ------------------------------
Anyways - my suggestion -- notice the host in bold, it's not my server. What reason is there for mail from any internet host that says 'kesor.net' but is not mine to be trusted? Mostly viruses do this.
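
The check the post asks for, sketched as an added example (not part of the original post and not Roller Network's code): it walks the Postfix-style Received headers quoted above and flags any hop whose HELO name claims the protected domain while the connecting IP is not one of the domain's own servers. `OWN_IPS` is a placeholder assumption, since the post does not give the real server's address.

```python
import re
from email import message_from_string

# Header lines copied from the bounce quoted in the post above.
SAMPLE_HEADERS = """\
Received: from mail2.rollernet.us (mail2.rollernet.us [66.224.163.2])
\tby monster.kesor.net (Postfix) with ESMTP id 61F1C27
\tfor <mike@kesor.net>; Fri, 10 Jun 2005 21:31:32 +0300 (IDT)
Received: from kesor.net (bzq-82-80-218-220.red.bezeqint.net [82.80.218.220])
\tby mail2.rollernet.us (Postfix) with ESMTP id C2FEC621369
\tfor <mike@kesor.net>; Fri, 10 Jun 2005 11:31:19 -0700 (PDT)
From: webmaster@kesor.net
To: mike@kesor.net

"""

# Postfix writes: from <HELO name> (<reverse DNS or "unknown"> [<client IP>])
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]\)")

# Placeholder (assumption): the addresses that may legitimately HELO as the domain.
OWN_IPS = {"192.0.2.10"}


def forged_helo_hops(raw, domain, own_ips):
    """Return hops whose HELO claims `domain` from an IP not in `own_ips`."""
    domain = domain.lower().rstrip(".")
    hits = []
    for value in message_from_string(raw).get_all("Received", []):
        # Unfold the header so the regex sees a single line.
        m = HOP.search(" ".join(value.split()))
        if not m:
            continue  # hop not written in Postfix format; nothing to compare
        helo = m.group(1).lower().rstrip(".")
        rdns, ip = m.group(2), m.group(3)
        claims_domain = helo == domain or helo.endswith("." + domain)
        if claims_domain and ip not in own_ips:
            hits.append({"helo": helo, "rdns": rdns, "ip": ip})
    return hits


if __name__ == "__main__":
    for hop in forged_helo_hops(SAMPLE_HEADERS, "kesor.net", OWN_IPS):
        print("HELO %(helo)s came from %(rdns)s [%(ip)s]" % hop)
```

The HELO name is whatever the client chooses to send, while the name and IP in parentheses are what the receiving server observed, which is why the comparison is made against the IP.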