The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Best way to determine which user is sending spam

Discussion in 'General Discussion' started by justhost, Oct 1, 2003.

  1. justhost

    justhost Well-Known Member

    Joined:
    Sep 2, 2003
    Messages:
    108
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Halifax, Nova Scotia
    Hello

    It appears that someone is sending out some nasty spam through my server. I am wondering what the best method is to track down the culprit?

    It is an exim mailserver.

    Here is a snippit of the mail header:


    ******-0008SM-T4-H
    mailnull 47 12
    <>
    1064792937 0
    -ident mailnull
    -received_protocol local
    -body_linecount 66
    -localerror
    XX
    1
    ******@bellsouth.net

    151P Received: from mailnull by shark.****.*** with local (Exim 4.20)
    id ****-0008SM-T4
    for ********@bellsouth.net; Sun, 28 Sep 2003 20:48:57 -0300
    049 X-Failed-Recipients: ******@libertysurf.fr
    056F From: Mail Delivery System <Mailer-Daemon@shark.*****.***>
    033T To: ******@bellsouth.net
    059 Subject: Mail delivery failed: returning message to sender
    045I Message-Id: <*****-0008SM-T4@shark.*****.***>
    038 Date: Sun, 28 Sep 2003 20:48:57 -0300


    *****-0008SM-T4-D
    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    *******@libertysurf.fr
    SMTP error from remote mailer after RCPT TO:<********@libertysurf.fr>:
    host smtp-fr.libertysurf.net [213.36.80.73]: 552 RCPT TO:<*******@libertysurf.fr> Mailbox disk quota exceeded

    ------ This is a copy of the message, including all the headers. ------

    Return-path: <********@bellsouth.net>
    Received: from nobody by shark.*****.***with local (Exim 4.20)
    id *****-0008Rm-UQ
    for *******@libertysurf.fr; Sun, 28 Sep 2003 20:48:56 -0300
    From: ******@bellsouth.net
    To: ******@libertysurf.fr
    Subject: Exclusive C.P. site !!! 20319
    Message-Id: <******-0008Rm-UQ@shark.*****.***>
    Date: Sun, 28 Sep 2003 20:48:56 -0300


    __________________

    cPanel.net Support Ticket Number:
     
  2. mickeymouse

    mickeymouse Well-Known Member

    Joined:
    Sep 16, 2003
    Messages:
    389
    Likes Received:
    0
    Trophy Points:
    16
    Dear justhost,

    You can use the method given at the following URL to help you.

    http://www.westdam.com/spamlinks/trace.htm
    http://www.radix.net/~mstein/spamhunt.html

    Regards,
     
Loading...

Share This Page