Best way to determine which user is sending spam
It appears that someone is sending out some nasty spam through my server. I am wondering what the best method is to track down the culprit?
Here is a snippit of the mail header:
******-0008SM-T4-H
mailnull 47 12
<>
1064792937 0
-ident mailnull
-received_protocol local
-body_linecount 66
-localerror
XX
1
******@bellsouth.net
151P Received: from mailnull by shark.****.*** with local (Exim 4.20)
id ****-0008SM-T4
for ********@bellsouth.net; Sun, 28 Sep 2003 20:48:57 -0300
049 X-Failed-Recipients: ******@libertysurf.fr
056F From: Mail Delivery System <Mailer-Daemon@shark.*****.***>
033T To: ******@bellsouth.net
059 Subject: Mail delivery failed: returning message to sender
045I Message-Id: <*****-0008SM-T4@shark.*****.***>
038 Date: Sun, 28 Sep 2003 20:48:57 -0300
*****-0008SM-T4-D
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
*******@libertysurf.fr
SMTP error from remote mailer after RCPT TO:<********@libertysurf.fr>:
host smtp-fr.libertysurf.net [213.36.80.73]: 552 RCPT TO:<*******@libertysurf.fr> Mailbox disk quota exceeded
------ This is a copy of the message, including all the headers. ------
Return-path: <********@bellsouth.net>
Received: from nobody by shark.*****.***with local (Exim 4.20)
id *****-0008Rm-UQ
for *******@libertysurf.fr; Sun, 28 Sep 2003 20:48:56 -0300
From: ******@bellsouth.net
To: ******@libertysurf.fr
Subject: Exclusive C.P. site !!! 20319
Message-Id: <******-0008Rm-UQ@shark.*****.***>
Date: Sun, 28 Sep 2003 20:48:56 -0300
