Here is a header:
Return-Path: <
[email protected]>
Received: from rly-yc01.mail.aol.com (rly-yc01.mail.aol.com [172.18.205.144]) by air-yc01.mail.aol.com (v114.2) with ESMTP id MAILINYC13-1b6455a110157; Tue, 14 Nov 2006 13:55:25 -0500
Received: from myserver.com (myserver.com [xx.xx.xx.xx]) by rly-yc01.mail.aol.com (v114.2) with ESMTP id MAILRELAYINYC18-1b6455a110157; Tue, 14 Nov 2006 13:55:02 -0500
Received: from cpanel by myserver.com with local (Exim 4.52)
id 1Gk3QG-00089R-V5; Tue, 14 Nov 2006 10:54:16 -0800
Received: from 213.185.106.204 ([213.185.106.204]) by langdalesmith.co.uk
(Horde MIME library) with HTTP; Tue, 14 Nov 2006 10:54:13 -0800
Message-ID: <
[email protected]>
Date: Tue, 14 Nov 2006 10:54:13 -0800
From: Mrs Mary Collins <
[email protected]>
To: <Undisclosed Recipients>
Subject: Dear beloved
MIME-Version: 1.0
Content-Type: text/plain;
charset=ISO-8859-1;
DelSp="Yes";
format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
User-Agent: Internet Messaging Program (IMP) H3 (4.1.3)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - myserver
X-AntiAbuse: Original Domain - aol.com
X-AntiAbuse: Originator/Caller UID/GID - [32001 32001] / [47 12]
X-AntiAbuse: Sender Address Domain - yahoo.com
X-Source:
X-Source-Args:
X-Source-Dir:
This was happening on another server of mine as well but I wasn't able to track down the spammer cause the e-mails in the queue manager only pointed toward 'cpanel' username.