How to track/trace a threatening spammer?
Hi, I am having a strange problem: someone (from my server) sent 200 emails to someone on another server, threatening to hack his server and things like that.
Now the big part of the problem is that all the headers attached to the email that was sent point to my own domains, to which no one except me has any access.
The only thing in the source of that email which looks real is the message ID, but I don't know how to find out which domain owner actually sent it.
Here is the email of the person who emailed me about that:
========================================
Hello. I have just received 200 emails from one of your customers, threatening to hack me, and I ask you nicely to please prevent such things from happening again. Here are the full headers.
Return-path: <MysticDestr0yerX@elitehackers.com>
Envelope-to: admin@hybrid-anime.net
Delivery-date: Wed, 19 Nov 2003 16:31:22 -0600
Received: from [MYSERVER'S REAL IP] (helo=servername.mydomain.com)
by webone.timginn.com with esmtp (TLSv1
(Exim 4.24)
id 1AMaql-0001ph-2b
for admin@hybrid-anime.net; Wed, 19 Nov 2003 16:31:03 -0600
Received: from nobody by servername.mydomain.com with local (Exim 4.24)
id 1AMaqf-0003us-BC
for admin@hybrid-anime.net; Wed, 19 Nov 2003 17:30:57 -0500
To: admin@hybrid-anime.net
Subject: Getting Hacked
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From: MysticDestr0yerX@elitehackers.com
Message-Id: <E1AMaqf-0003us-BC@servername.mydomain.com>
Date: Wed, 19 Nov 2003 17:30:57 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - servername.mydomain.com
X-AntiAbuse: Original Domain - hybrid-anime.net
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - elitehackers.com
Because you ripped the real Hybrid Animes name, me and a few other elite hackers
will destroy your server, comply with our commands and there will be no problem,
which is change your sites name or close it.
Thank you
========================================
Now I don't have any client with the domain elitehackers.com or hybrid-anime.net, so how did he forge the headers?
And the only thing I think is real is the message ID, which is E1AMaqf-0003us-BC@servername.mydomain.com, so how can I dig up the sender or get some info about him with the help of this message ID? I am using cPanel/WHM on my server.
The messages were sent from my server, as the IP is real and the server name is also real in the Received: headers, which he can't forge. It's just that I need to trace and suspend him to prevent such stupid things from happening again.
Thanks for all your time and help...
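The headers quoted in the post already carry the facts needed to trace the message on the sending box: the second `Received:` line says Exim accepted the mail locally from the user `nobody` under queue id `1AMaqf-0003us-BC`, and the `X-AntiAbuse` line records the caller's UID as 99. The following script is an added example, not part of the original post or of cPanel's own tooling. It parses those headers, looks the queue id up in a constructed excerpt in the format of Exim's main log (on cPanel normally `/var/log/exim_mainlog`, an assumption here), and then lists web requests logged around the mail's timestamp from a constructed Apache access-log excerpt (cPanel keeps these per domain under `/usr/local/apache/domlogs/`, also an assumption). All log lines and IP addresses are constructed sample data; the function and variable names are the example's own.

```python
"""Triage helper for the headers quoted in the post above.

Added example, not part of the original post. It extracts the Exim queue id,
the originating UID and the Date from the headers, reads Exim's U= field
from a constructed main-log excerpt, and correlates the timestamp with a
constructed Apache access log. Paths and sample lines are assumptions.
"""
import re
from datetime import datetime, timedelta

# Headers copied from the complaint quoted in the post.
HEADERS = """\
Received: from nobody by servername.mydomain.com with local (Exim 4.24)
id 1AMaqf-0003us-BC
for admin@hybrid-anime.net; Wed, 19 Nov 2003 17:30:57 -0500
From: MysticDestr0yerX@elitehackers.com
Message-Id: <E1AMaqf-0003us-BC@servername.mydomain.com>
Date: Wed, 19 Nov 2003 17:30:57 -0500
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
"""

# Constructed exim_mainlog excerpt (assumed format of Exim's "<=" arrival line).
EXIM_MAINLOG = """\
2003-11-19 17:30:57 1AMaqf-0003us-BC <= MysticDestr0yerX@elitehackers.com U=nobody P=local S=612 id=E1AMaqf-0003us-BC@servername.mydomain.com
2003-11-19 17:30:58 1AMaqf-0003us-BC => admin@hybrid-anime.net R=lookuphost T=remote_smtp H=webone.timginn.com [192.0.2.10]
2003-11-19 17:30:58 1AMaqf-0003us-BC Completed
"""

# Constructed Apache access-log excerpt for one hosted domain (combined log format).
APACHE_LOG = """\
198.51.100.7 - - [19/Nov/2003:17:30:55 -0500] "POST /contact/mail.php HTTP/1.1" 200 312 "-" "Mozilla/4.0"
203.0.113.9 - - [19/Nov/2003:17:30:56 -0500] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/4.0"
198.51.100.7 - - [19/Nov/2003:17:30:57 -0500] "POST /contact/mail.php HTTP/1.1" 200 312 "-" "Mozilla/4.0"
"""


def parse_headers(raw):
    """Return the facts the post is about: Exim queue id, originating UID, when."""
    queue_id = re.search(r"^id (\S+)$", raw, re.M).group(1)
    uid = int(re.search(r"Caller UID/GID - \[(\d+) \d+\]", raw).group(1))
    local = "with local" in raw          # injected via the local sendmail path, not SMTP
    date = re.search(r"^Date: (.+)$", raw, re.M).group(1)
    when = datetime.strptime(date, "%a, %d %b %Y %H:%M:%S %z")
    return {"queue_id": queue_id, "uid": uid, "local_injection": local, "when": when}


def exim_arrival(mainlog, queue_id):
    """Find the '<=' arrival line for the queue id and read Exim's U= (calling user) field."""
    for line in mainlog.splitlines():
        if queue_id in line and " <= " in line:
            return re.search(r"\bU=(\S+)", line).group(1)
    return None


def web_hits_near(access_log, when, window=5):
    """POST requests logged within `window` seconds of the mail's Date header."""
    hits = []
    for line in access_log.splitlines():
        m = re.match(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\w+) (\S+)', line)
        ip, ts, method, path = m.groups()
        t = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if method == "POST" and abs(t - when) <= timedelta(seconds=window):
            hits.append((ip, path))
    return hits


def triage(headers=HEADERS, mainlog=EXIM_MAINLOG, access_log=APACHE_LOG):
    """Combine the three sources into one picture of where the mail came from."""
    facts = parse_headers(headers)
    facts["exim_user"] = exim_arrival(mainlog, facts["queue_id"])
    facts["web_hits"] = web_hits_near(access_log, facts["when"])
    # Local injection as UID 99 / U=nobody means a process running as the web
    # server's user handed the mail to Exim, not a shell or SMTP-authenticated
    # account; the domain's web log around that second is where to look next.
    facts["via_web_script"] = facts["local_injection"] and facts["uid"] == 99
    return facts


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

The header-parsing half is exact for the quoted message; the log-correlation half only shows the shape of the check. On a real cPanel host you would grep the queue id out of `/var/log/exim_mainlog` and then read the domlog of whichever site's script was posted to at that second, since 200 messages will show up as 200 near-identical POSTs from the same client address.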