how to tell who is sending email with virus

Página superior
Adjuntos:
Obtener este mensaje como un correo
+ (text/plain)
Eliminar este mensaje
Responder a este mensaje
Autor: elemint@theriver.com
Fecha:  
A: plug-discuss
Asunto: how to tell who is sending email with virus
On my postfix box what is the easiest way to add up what IP is sending all
of the viruses to my mailserver?

I am not sure if below text is just the log created for 1 email or more
than 1 email.

What I see in my logs:

Jun 15 14:23:31 mail postfix/cleanup[30419]: 1: message-id=<x5904.
74764043277@....>
Jun 15 14:23:31 mail postfix/qmgr[3515]: CAF1A6F6E1:
from=<>,
size=18648, nrcpt=1 (queue active)
Jun 15 14:23:31 mail postfix/smtpd[30015]: disconnect from unknown[ip address
]
Jun 15 14:23:31 mail amavis[30512]: (30512-02) INFECTED (Worm.Zafi.B),
<someone@mic
rosoft.com> -> <>, quarantine virus-015-142331-3
0512-02, Message-ID: <x548811904.74294043277@wn>, Hits: -
Jun 15 14:23:31 mail postfix/smtp[30341]: CAF6E1:
to=<>, relay=127.0.0.1[127.0.0.1], delay=1,
status=sent (250 2.7.1 Ok, discarde
d, id=30512-02 - VIRUS: Worm.Zafi.B)
Jun 15 14:23:34 mail postfix/smtpd[30015]: warning: their.ip: hostname
someone.likes.sendvirus.domain verification failed: Host not found
Jun 15 14:23:34 mail postfix/smtpd[30015]: connect from
unknown[some.ip.of.virus.sender]
Jun 15 14:23:34 mail postfix/smtpd[30015]: E44C96F6E1: client=unknown[]
Jun 15 14:23:35 mail postfix/cleanup[30362]: E44C96F6E1:
message-id=<x548811904.
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss