Major spam attack on my domain

It’s around 1pm on 3/23 - in the last 12 hours, I’ve recieved over 500 pieces of spam mail, all with identical Received from: headers:

Return-Path: DV6.2373@twister.nyc.rr.com
Delivered-To: m9489623@plunder.dreamhost.com
Received: from hans.net (dial-bu-185-234.wcnet.org [157.134.185.234])
by plunder.dreamhost.com (Postfix) with SMTP id 399DC863E2
for 699100clrrmas@jukeboxgraduate.com; Tue, 23 Mar 2004 12:51:23 -0800 (PST)
Date: Tue, 23 Mar 2004 15:52:13 -0500
To: 699100clrrmas@jukeboxgraduate.com
Subject: Re: Document
From: DV6.2373@twister.nyc.rr.com
Message-ID: ywwspjxfnemlgkvgifk@jukeboxgraduate.com
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------kyukpywdwytdnwfyetec"

What I’d like to be able to do is turn on (or turn off) the ability for someone to send email to any address at my domain - you’d have to have an actual address, you couldn’t just use [anything]@mydomain.com to get email through. I have Razor set up but it’s just not catching these.

I suspect this is a deliberate target as the addresses that are being spoofed as the return addresses come from a usenet newsgroup I frequent.

I have contacted the spam and abuse and postmaster aliases at the wcnet.org and hans.net domains as well.

Any help or advice welcomed.

You want to turn this on, or off?

You can remove the catchall alias from the web panel under Mail => Addresses - won’t that do what you want?

From the subject line, I’d guess that this is a virus, and not spam.

I want to turn it off, I guess.

“You can remove the catchall alias from the web panel under Mail => Addresses - won’t that do what you want?”

I don’t know if that’s what I want to do - thus the reason I was here asking for help. I"m sorry, but there isn’t any documentation on this that I could find.

“From the subject line, I’d guess that this is a virus, and not spam.”

Just to clarify - you’re saying that the sender of these messages has a virus, correct? NOt that there’s a virus on my machine?

If you only want mail for addresses that are explicitly specified to work, and don’t want to receive mail addressed to any unspecified address at your domain, you should remove the “*” (catchall / wildcard) alias. You don’t need to set * to bounce or delete - just remove the entry entirely.

Basically, yes. The message itself is likely a virus.