How to findout spammers from this???

[tmc74]

I have a spammer in my server. One of my clients may be . I want to find him. For the spam mails I have the folowsing header. Is it possible to find the spammer site(userid) in my server from this ? or is there any other solution?

Please h--e-e-l-l-p.

(Here I replace original server name by myservername.net for security reasons.)

***************************************

1C6ovb-0004L8-N0-H
nobody 99 99
<nobody@myservername.net>
1095074603 0
-ident nobody
-received_protocol local
-body_linecount 1
-auth_id nobody
-auth_sender nobody@myservername.net
-allow_unqualified_recipient
-allow_unqualified_sender
-local
XX
1
ronz_ctg@yahoo.com

146P Received: from nobody by myservername.net with local (Exim 4.42)
id 1C6ovb-0004L8-N0
for ronz_ctg@yahoo.com; Mon, 13 Sep 2004 17:23:23 +0600
023T To: ronz_ctg@yahoo.com
018 Subject: I am here
021F From: nila@yahoo.com
025R Reply-To: nila@yahoo.com
020 X-Mailer: PHP/4.3.8
052I Message-Id: <E1C6ovb-0004L8-N0@myservername.net>
038 Date: Mon, 13 Sep 2004 17:23:23 +0600

******************************************************


-Tmc74

[chirpy]

I would suggest that you do a search on the forums for spammer nobody and you're likely to find plenty of posts that have gone through this.

[drmike]

Also turn off the ability within whm for "nobody to send email". It's under one of the security settings. All email should be going throuhg the smtp server.

-drmike

[simplybe]

Also check the apache logs, if its a formail exploit then it will show up often in the logs, this will lead you to the account being exploited.

Also do a search for formails on your server and if needed disable them.

Also as posted above use the option in whm to prevent the user nobody sending out emails, this will also break some customers scripts but for now it will help while you find the spammer.

There is not a lot anyone here can do to help you, if you are unable to catch the spammer then you will need to allow/pay someone to access your server.

good luck