How to findout spammers from this???

tmc74

Member
Aug 17, 2003
10
0
151
I have a spammer in my server. One of my clients may be . I want to find him. For the spam mails I have the folowsing header. Is it possible to find the spammer site(userid) in my server from this ? or is there any other solution?

Please h--e-e-l-l-p.

(Here I replace original server name by myservername.net for security reasons.)

***************************************

1C6ovb-0004L8-N0-H
nobody 99 99
<[email protected]>
1095074603 0
-ident nobody
-received_protocol local
-body_linecount 1
-auth_id nobody
-auth_sender [email protected]
-allow_unqualified_recipient
-allow_unqualified_sender
-local
XX
1
[email protected]

146P Received: from nobody by myservername.net with local (Exim 4.42)
id 1C6ovb-0004L8-N0
for [email protected]; Mon, 13 Sep 2004 17:23:23 +0600
023T To: [email protected]
018 Subject: I am here
021F From: [email protected]
025R Reply-To: [email protected]
020 X-Mailer: PHP/4.3.8
052I Message-Id: <[email protected]>
038 Date: Mon, 13 Sep 2004 17:23:23 +0600

******************************************************


-Tmc74
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
33
473
Go on, have a guess
I would suggest that you do a search on the forums for spammer nobody and you're likely to find plenty of posts that have gone through this.
 

simplybe

Well-Known Member
Nov 29, 2002
153
0
166
Also check the apache logs, if its a formail exploit then it will show up often in the logs, this will lead you to the account being exploited.

Also do a search for formails on your server and if needed disable them.

Also as posted above use the option in whm to prevent the user nobody sending out emails, this will also break some customers scripts but for now it will help while you find the spammer.

There is not a lot anyone here can do to help you, if you are unable to catch the spammer then you will need to allow/pay someone to access your server.

good luck