User Not On my server BUt sending spam

[bhanuprasad1981]

hi,

ia m getting frequent complaints from DC that spam is sent from server by a user who doesn't even exist on my server how can this be possible ? please help me to eradicate it

sample email :-

Code:

Received: from outbound-bu1.dca.untd.com (supportmail02.dca.untd.com [10.171.43.25])
by scanmaildb02.vgs.untd.com with SMTP id AABFTA27RADTFYTA
for (sender );
Fri, 27 Nov 2009 15:41:35 -0800 (PST)
Received: (qmail 16487 invoked by uid 514); 27 Nov 2009 23:41:34 -0000
X-Issue-Tag: .catch_spam_mail
Delivered-To: support-juno-com-spamdesk-spam@support.juno.com
Received: from outbound-bu1.dca.untd.com (webmail19.dca.untd.com [10.171.12.159])
by supportmail02.dca.untd.com with SMTP id AABFTA248AYFJVAS
for (sender );
Fri, 27 Nov 2009 15:40:14 -0800 (PST)
X-UNTD-OriginStamp: szZ1ymWg3oGaspsxfOkPaPRHOL0+gYWDqueaCIyWFER9Ni2hw5b4Qg==
Received: (from X)
by webmail19.dca.untd.com (jqueuemail) id PYEN9VR5; Fri, 27 Nov 2009 15:39:15 PST
X-EOW-USER-IP: 71.2.121.174
Received: from mx12.vgs.untd.com (mx12.vgs.untd.com [10.181.44.42])
by maildeliver04.dca.untd.com with SMTP id AABFS5R4DAQVSWHS
for (sender );
Wed, 25 Nov 2009 15:35:31 -0800 (PST)
Received-SPF: None
Received: from sccmmhc92.asp.att.net (sccmmhc92.asp.att.net [204.127.203.212])
by mx12.vgs.untd.com with SMTP id AABFS5R4DAA9CSHA
for (sender );
Wed, 25 Nov 2009 15:35:31 -0800 (PST)
DKIM-Signature: v=1; q=dns/txt; d=mchsi.com; s=dkim01;
i=matthartxmasoffer30@mchsi.com; a=rsa-sha256; c=relaxed/relaxed;
t=1259192130; h=Message-Id:Date:From; bh=Pu2h+9PFk0ThieHc7/NErPsM2
7ty3PagZEZjvgdEA2c=; b=rCcOFDxHUR0wY5AT+54R+34VmOLiLQf/j38VlpLb/UBj
VawIqr7nJw7eulx1UZ2Jc2mViKdrK6JgCuNiEpdu2w==
Received: from sccqwbc18 (scommcenter18.asp.att.net[204.127.203.180])
by mchsi.com (sccmmhc92) with SMTP
id ; Wed, 25 Nov 2009 23:30:38 +0000
Received: from [69.65.43.145] by sccqwbc18;
Wed, 25 Nov 2009 23:30:26 +0000
From: "Mr Matt Hart"
Reply-to: matthartloanoffer01@gmail.com
Date: Wed, 25 Nov 2009 23:30:26 +0000
Message-Id:
X-Mailer: AT&T Message Center Version 1 (Mar 2 2009)
X-Authenticated-Sender: bWF0dGhhcnR4bWFzb2ZmZXIzMEBtY2hzaS5jb20=
To: Undisclosed-recipients: ;
X-UNTD-BodySize: 66
X-UNTD-SPF: None
X-UNTD-SIGN-INFO: 37d97901383d80b57174340dcd6001d9148160c14de1381538711171343425149d049d807170e100e991e0e9e4e970
X-ContentStamp: 1:1:2562239111
X-MAIL-INFO:3725850920a570f0ad95b049c0b091f149a0c0c0515515014951f0c9d08561a431
X-UNTD-Peer-Info: 204.127.203.212|sccmmhc92.asp.att.net|sccmmhc92.asp.att.net|matthartxmasoffer30@mchsi.com
X-UNTD-UBE:-1
Subject: Ref # [1M3cR0q9mY1Lq2r]
X-Juno-Message-Id: 1M3cR0q9mY1Lq2r06Bx
X-Thread-Count: 1
X-UNTD-SPAMDESK-TYPE: EOW-SPAM

Email matthartloanoffer01@gmail.com, for more info about a loan.

[thewebhostingdi]

If you have an access to your server then from command prompt kindly check the mail logs with the particular message id : 1M3cR0q9mY1Lq2r06Bx
as shown below:

cat /var/log/exim_mainlog | grep 1M3cR0q9mY1Lq2r06Bx

Once you type the above command in your command prompt you will get the domain name from which SMTP authentication the mail was sent. Kindly have a try.

[bhanuprasad1981]

i get no result nothing found

[sparek-3]

Is the server in question a cPanel server? I am not seeing any Exim message ids in the headers you provided.