How do I find this stupid spammer?! Please help :(
---------- Forwarded message ----------
Return-Path: <akagire@yahoo.com>
Received: from SUPER1.MYSERVER.COM (host002.myhostcompany.net [204.216.128.2] (may
be forged))
by util.inch.com (8.12.6/8.12.6/UTIL-INCH-3.0.9) with ESMTP id
h01A4KLW026458
for <@inch.com>; Wed, 1 Jan 2003 05:04:20 -0500 (EST)
(envelope-from akagire@yahoo.com)
Received: from [200.60.181.66] (helo=mx2.mail.yahoo.com)
by SUPER1.MYSERVER.COM with esmtp (Exim 3.36 #1)
id 18IZst-0004Yo-00; Sun, 01 Dec 2002 12:36:13 -0700
Message-ID: <000005630a28$00003f2b$0000378e@mx2.mail.yahoo.com>
To: <Undisclosed.Recipients>
From: "Sales" <akagire@yahoo.com>
Subject: Our DVD Selection has Increased! All Free!
LL
Date: Sun, 01 Dec 2002 14:36:59 -1700
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Reply-To: akagire@yahoo.com
X-AntiAbuse: This header was added to track abuse,
please include it with any abuse report
X-AntiAbuse: Primary Hostname - SUPER1.MYSERVER.COM
X-AntiAbuse: Original Domain - inch.com
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [0 0]
X-AntiAbuse: Sender Address Domain - yahoo.com
-----------------------------------------------------------------
Now, I looked at the only section that can't be forged, the 'recieved' section. And I located all the messages that exim had logged with the id 18IZst-0004Yo-00 which included three files.
18IZst-0004Yo-00
18IZst-0004Yo-00-H
18IZst-0004Yo-00-D
None of which really helped. The first one had the logs of the results of the sending the e-mails. The second had the list of e-mails to send to, and the forged headers, and the third was the body of the e-mail. None of which led me to who is SENDING the spam. Please, someone help me.
I've already tried locating any spam scripts on the server. Can't find any. So what would you guys do to catch this stupid spammer?
Thanks alot to anyone who can share their thoughts on how to catch this SOB.
