Results 1 to 4 of 4

Thread: Help, how can i find this spammer on my server?

  1. #1
    BANNED
    Join Date
    Feb 2002
    Posts
    656

    Default Help, how can i find this spammer on my server?

    I dont host any of the domains in this email and my hosting company says they will shut me down if these emails continue, how can i find out who is sending this?
    - SpamCop V1.3.3 -
    This message is brief for your comfort. Please follow links for details.

    http://spamcop.net/w3m?i=z324661915z...5aea1f0e4e1a2z
    Email from 205.243.144.1 / Fri, 4 Jul 2003 14:08:34 -0400

    Offending message:
    Return-Path: <ambrosia@clerk.com>
    Received: from clerk.com (server114.wehosting.com [205.243.144.1])
    by compudirectinc.com (8.12.9/8.12.8) with SMTP id h64I8XhL019076
    for <x>; Fri, 4 Jul 2003 14:08:34 -0400
    Received: from comic.com (21406 [168.239.192.121]) by athenet.net (8.12.1/8.12.1) with ESMTP id 18990 for <x>; Mon, 30 Jun 2003 14:11:05 -0700
    Received: from euskalnet.net ([241.71.142.16]) by newnorth.net (8.9.3/8.9.3) with SMTP id 19616 for <x>; Sat, 28 Jun 2003 06:59:56 -0700
    Date: Fri, 4 Jul 2003 14:08:25 -0400
    Wrom: YZUNNYCGPKYLEJGDGVCJVTLBXFGGMEPYOQKEDOTWF
    X-Mailer: Microsoft Outlook Express 6.00.2800.1158
    X-Priority: 2 (High)
    Message-ID: <1057________________0138@clerk.com>
    To: x
    Subject: 100% Safe To Take, With NO Side Effects
    MIME-Version: 1.0
    Content-Type: multipart/mixed; boundary="----------1057352905793651856"
    X-UIDL: <p+"!Y_m"!-K6"!ph="!

    <html><body text=#000000 bgcolor=#FFFFFF link=#FF0000 vlink=#CC0000 alink=#FF0000> <div align="center"><font face="Georgia, Times New Roman, Times, serif"><b>Introducing VP-RX Pills</b><br> <b><font color=#000099 size=4>NO.1 Penis Enlargement Pill On The Market!</font></b><br><a href="http://www.herbalpillsonline.biz/cgi-bin/affiliates/click.cgi?id=pills05"><img src="enlarge.gif" width=288 height=75 border=0></a><br> * Gain <b>3+ Full Inches</b> In Length<br> * Expand Your Penis <b>Up To 20% Thicker</b><br> * Stop Premature Ejaculation!<br> * Produce <b>Stronger Erections</b><br> * <b>100% Safe To Take</b>, With No Side Effects<br> * Fast Distribution Worldwide<br> * Sold Over 1.2 Million Bottles!<br> * <b>No Pumps! No Surgery! No Exercises!</b><b><A HREF="http://www.herbalpillsonline.biz/cgi-bin/affiliates/click.cgi?id=pills05"><br> <br> <font size=5>READ MORE HERE<br> Do not loose you chance to be<br> a REAL MAN</font></A></b></font><br><font color=#FFFFFF>http://www.herba!
    lpillsonline.biz/cgi-bin/affiliates/click.cgi?id=pills05</font></div></body></html>

    cPanel.net Support Ticket Number:

  2. #2
    Registered Member twhiting9275's Avatar
    Join Date
    Sep 2002
    Posts
    370
    cPanel/WHM Access Level

    Root Administrator

    Default

    Use the tools given to you in Exim/WHM

    Firstly, use the manage mail stats link. This will tell you who's SENT the most mail, among other things.

    Secondly, use the mail queue option. With most, you will find that there's a bunch of mail waiting to be sent, cuz it's sent to the wrong address, or the address doesn't exist or some crap.

    Thirdly, use the built in linux commands to search for anything involving that IP address, or that domain , both in the log directory and apache's logs.

    cPanel.net Support Ticket Number:

  3. #3
    BANNED
    Join Date
    Feb 2002
    Posts
    656

    Default

    Is this it?
    Top 50 local destinations by message count
    ------------------------------------------

    11954 62621793 :blackhole:
    1943 3254525 ewocion
    407 1808870 cybrport
    271 3766984 vlp
    270 1410813 fathergo
    261 1392809 dave
    245 1198507 tranzdat
    180 2074095 bootyma
    166 790691 condon
    150 650101 /dev/null
    112 2440870 info
    107 440353 guddie
    100 571312 oficina
    89 389548 elliott
    89 315281 robmanc
    81 623549 cduff
    78 407354 usmaleo
    76 516048 |/usr/local/cpanel/3rdparty/mailman/mail/wrapper mailowner albemigrant_albemigrant.com (albemigrant-admin@albemigrant.com)
    74 3754899 tim
    68 307768 mandar
    68 201359 mail
    60 342347 dstorey
    51 3132304 ceo
    51 1302035 rlyon
    46 209672 marquisj
    44 290285 dan
    42 168784 marys
    42 163402 kagi
    41 133830 jameshom
    40 141592 ken
    33 271123 biofuel
    30 287712 dustin
    30 205698 stmerid
    29 6291857 rosiewol
    28 299287 surpin
    28 208543 jlibson
    27 103935 |/usr/bin/perl /home/vlpnet/www/cgi-bin/arp3/arp3-emailcapture.pl (vlpnet@vlp.net) <24win@vlp.net>
    25 346821 |/usr/local/cpanel/bin/autorespond albemigr@albemigrant.com /home/albemigr/.autorespond (albemigr@albemigrant.com)
    25 127201 poteauc
    25 124794 catchall
    25 107765 intl-bus
    24 122670 djflako
    23 109765 upno
    23 62565 |/usr/bin/perl /home/vlpnet/www/cgi-bin/arp3/arp3-emailcapture.pl (vlpnet@vlp.net)
    22 333086 rastafas
    21 866795 admin
    21 65918 ic8
    21 50281 /dev/null
    20 2099043 andrew
    20 362856 trhughes

    cPanel.net Support Ticket Number:

  4. #4
    Registered Member
    Join Date
    Feb 2003
    Location
    Sachse, TX
    Posts
    567

    Default Hmm..

    From SpamCop's Report:
    ===================
    Parsing header:

    Received: from clerk.com (server114.anhosting.com [205.243.144.8]) by compudirectinc.com (8.12.9/8.12.8) with SMTP id h64I8XhL019076 for <x>; Fri, 4 Jul 2003 14:08:34 -0400
    Possible spammer: 205.243.144.8
    205.243.144.8 is not an MX for server114.anhosting.com
    host server114.anhosting.com (checking ip) = 205.243.144.8
    Received line accepted

    Received: from comic.com (21406 [168.239.192.121]) by athenet.net (8.12.1/8.12.1) with ESMTP id 18990 for <x>; Mon, 30 Jun 2003 14:11:05 -0700
    host 205.243.144.8 (getting name) = server114.anhosting.com.
    host server114.anhosting.com (checking ip) = 205.243.144.8
    205.243.144.8 not listed in dnsbl.njabl.org
    205.243.144.8 not listed in proxies.blackholes.easynet.nl
    205.243.144.8 not listed in dnsbl.sorbs.net
    205.243.144.8 is not an MX for athenet.net
    205.243.144.8 is not an MX for compudirectinc.com
    205.243.144.8 not listed in dnsbl.njabl.org
    Possible spammer: 168.239.192.121
    host athenet.net (checking ip) = 209.103.196.8
    209.103.196.8 not listed in dnsbl.njabl.org
    209.103.196.8 not listed in proxies.blackholes.easynet.nl
    209.103.196.8 not listed in dnsbl.sorbs.net
    Chain test:athenet.net =? server114.anhosting.com
    host server114.anhosting.com (checking ip) = 205.243.144.8
    205.243.144.8 is not an MX for athenet.net
    host athenet.net (checking ip) = 209.103.196.8
    205.243.144.8 is not an MX for athenet.net
    Chain test failed
    Chain test:athenet.net =? 205.243.144.8
    205.243.144.8 is not an MX for athenet.net
    host athenet.net (checking ip) = 209.103.196.8
    205.243.144.8 is not an MX for athenet.net
    Chain test failed
    Routing details for 205.243.144.8
    De-referencing xnet.com@abuse.net
    abuse net xnet.com = postmaster@xnet.com, abuse@xnet.com, abuse@uu.net, abuse@sprint.net
    Report routing for 205.243.144.8: postmaster@xnet.com, abuse@xnet.com, abuse@uu.net, abuse@sprint.net
    abuse@sprint.net redirects to abuse-quiet@sprint.net
    I know this ISP's abuse address:abuse-noverbose@uu.net
    Chain error athenet.net not equal to last sender received line discarded


    Tracking message source: 205.243.144.8:
    Cached masters for 205.243.144.8: abuse-noverbose@uu.net abuse@xnet.com postmaster@xnet.com abuse-quiet@sprint.net
    Sorry, this email is too old to file a spam report. You must report spam within 3 days of receipt. This mail was received on Fri, 4 Jul 2003 14:08:34 -0400

    cPanel.net Support Ticket Number:

Similar Threads

  1. spammer on the server can't find the script
    By hammer65 in forum E-mail Discussions
    Replies: 2
    Last Post: 08-22-2009, 02:24 PM
  2. Trying to find out a spammer
    By thewebhosting in forum General Discussion
    Replies: 15
    Last Post: 06-08-2009, 10:53 AM
  3. Please help me find this spammer
    By gal3ler in forum General Discussion
    Replies: 2
    Last Post: 01-14-2006, 09:57 AM
  4. Find spammer sending out of our server
    By steele in forum General Discussion
    Replies: 7
    Last Post: 12-21-2005, 05:36 AM
  5. How can we find who is spammer?!
    By manghooli in forum General Discussion
    Replies: 0
    Last Post: 09-26-2004, 02:30 AM
bargain