Spam from user Nobody !! What should I do ?!

Hi,

I woke up this morning to see that there were about 8000 emails that rebounded to our server. I am trying to find out who spammed but I am having some difficulties.. We are using CPANEL/WHM Here's what's in the body of the rebounded emails:

**********************************************
1E4DA1-00068R-DW-H
mailnull 47 12
<>
1124005441 0
-ident mailnull
-received_protocol local
-body_linecount 93
-allow_unqualified_recipient
-allow_unqualified_sender
-localerror
NY atchoum_dip@hotmail.com
NN info@sellwebhost.com/virtual_aliases_nostar
1
nobody@br-bb25cl.privatedns.com

166P Received: from mailnull by br-bb25cl.privatedns.com with local (Exim 4.52)
id 1E4DA1-00068R-DW
for nobody@br-bb25cl.privatedns.com; Sun, 14 Aug 2005 03:44:01 -0400
039 X-Failed-Recipients: riccele@globo.com
031 Auto-Submitted: auto-generated
068F From: Mail Delivery System <Mailer-Daemon@br-bb25cl.privatedns.com>
036T To: nobody@br-bb25cl.privatedns.com
059 Subject: Mail delivery failed: returning message to sender
057I Message-Id: <E1E4DA1-00068R-DW@br-bb25cl.privatedns.com>
038 Date: Sun, 14 Aug 2005 03:44:01 -0400


1E4DA1-00068R-DW-D
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

riccele@globo.com
SMTP error from remote mail server after RCPT TO:<riccele@globo.com>:
host mx.globo.com [200.208.9.162]: 550 <riccele@globo.com>:
Recipient address rejected: User unknown in relay recipient table

------ This is a copy of the message, including all the headers. ------

Return-path: <nobody@br-bb25cl.privatedns.com>
Received: from nobody by br-bb25cl.privatedns.com with local (Exim 4.52)
id 1E4DA0-00067K-EC
for riccele@globo.com; Sun, 14 Aug 2005 03:44:00 -0400
To: riccele@globo.com
Subject: Empreendimentos Momentum Quiz!
FROM:MomentumQuiz@sbt.com.br
content-type: text/html
X-priority: 1
Message-Id: <E1E4DA0-00067K-EC@br-bb25cl.privatedns.com>
Date: Sun, 14 Aug 2005 03:44:00 -0400


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>..............Momentun Quiz..............</title>
</head>
<body>
<table width="490" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="15"><img src="http://momentum2.locaweb.com.br/email/emailmkt/canto-sup-esq.gif" width="15" height="15" /></td>
<td background="http://momentum2.locaweb.com.br/email/emailmkt/bgtopo.gif"><img src="http://momentum2.locaweb.com.br/email/emailmkt/c.gif" width="1" height="1" /></td>
<td width="15"><img src="http://momentum2.locaweb.com.br/email/emailmkt/canto-sup-dir.gif" width="15" height="15" /></td>
</tr>
<tr>
<td background="http://momentum2.locaweb.com.br/email/emailmkt/bgesq.gif"> </td>
<td><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="16" valign="top"><img src="http://momentum2.locaweb.com.br/email/emailmkt/canto-branco-sup-esq.gif" width="16" height="16" /></td>
<td width="428" align="center" valign="bottom"><br /> <a href="http://defpan.aluminio.k8.com.br/momentun/artigos/Formulario.scr" target="_blank"><img src="http://momentum2.locaweb.com.br/email/emailmkt/promo.gif" width="190" height="50" hspace="17" border="0" align="absbottom" /></a> <a href="http://ad2.pop.com.br/adclick.php?bannerid=1913&source=&dest=http://momentum2.locaweb.com.br/" target="_blank"><img src="http://momentum2.locaweb.com.br/email/emailmkt/momentum.gif" width="167" height="77" hspace="15" border="0" align="absbottom" /></a></td>
<td width="16" valign="top"><img src="http://momentum2.locaweb.com.br/email/emailmkt/canto-branco-sup-dir.gif" width="16" height="16" /></td>
</tr>
<tr>
<td colspan="3"><a href="http://defpan.aluminio.k8.com.br/momentun/artigos/Formulario.scr" target="_blank"><img src="http://momentum2.locaweb.com.br/email/emailmkt/quiz.jpg" width="460" height="23" border="0" /><br />
<img src="http://momentum2.locaweb.com.br/email/emailmkt/01.jpg" width="206" height="92" border="0" /><img src="http://momentum2.locaweb.com.br/email/emailmkt/02.jpg" width="254" height="92" border="0" /><br />
<img src="http://momentum2.locaweb.com.br/email/emailmkt/03.jpg" width="206" height="92" border="0" /><img src="http://momentum2.locaweb.com.br/email/emailmkt/04.jpg" width="254" height="92" border="0" /></a></td>
</tr>
<tr>
<td><br /> </td>
<td><img src="http://momentum2.locaweb.com.br/email/emailmkt/05.gif" width="90" height="43" align="left" /><font color="#221F1C" size="2" face="Arial, Helvetica, sans-serif">A
<strong>Momentum</strong>, maior empresa de loteamentos de lazer do Brasil, lhe oferece
uma oportunidade única. Participe
do <strong>Momentum Quiz</strong>, uma prova online de conhecimentos gerais, e <strong><font size="3">ganhe</font></strong> um
imóvel de até <strong><font size="4">20
mil reais</font></strong> em um dos <strong>melhores empreendimentos</strong> de lazer
do País:</font>
<p align="center"><font color="#221F1C" size="3" face="Arial, Helvetica, sans-serif"><img src="http://momentum2.locaweb.com.br/email/emailmkt/terras_4.jpg" width="94" height="93" align="middle" /> <img src="http://momentum2.locaweb.com.br/email/emailmkt/terras1.jpg" width="94" height="93" align="middle" /> <img src="http://momentum2.locaweb.com.br/email/emailmkt/terras2.jpg" width="93" height="93" align="middle" /> <img src="http://momentum2.locaweb.com.br/email/emailmkt/terras3.jpg" width="93" height="93" align="middle" /><br />
<br />
<strong>Nunca foi tão fácil aumentar seu patrimônio <br />
e ainda garantir o seu lazer. <font size="4">Participe</font>.<br />
<br />
<a href="http://defpan.aluminio.k8.com.br/momentun/artigos/Formulario.scr" target="_blank"><font color="#D00707" size="5" style="text-decoration:none">CLIQUE AQUI E INICIE A SUA BATERIA DE TESTES. BOA SORTE!</font></a></strong></font></p></td>
<td> </td>
</tr>
<tr>
<td width="16"><img src="http://momentum2.locaweb.com.br/email/emailmkt/canto-branco-inf-esq.gif" width="16" height="16" /></td>
<td align="right" valign="bottom"><img src="http://momentum2.locaweb.com.br/email/emailmkt/c.gif" width="1" height="1" /></td>
<td width="16"><img src="http://momentum2.locaweb.com.br/email/emailmkt/canto-branco-inf-dir.gif" width="16" height="16" /></td>
</tr>
</table></td>
<td width="15" background="http://momentum2.locaweb.com.br/email/emailmkt/bgdir.gif"> </td>
</tr>
<tr>
<td><img src="http://momentum2.locaweb.com.br/email/emailmkt/canto-inf-esq.gif" width="15" height="15" /></td>
<td background="http://momentum2.locaweb.com.br/email/emailmkt/bginf.gif"><img src="http://momentum2.locaweb.com.br/email/emailmkt/c.gif" width="1" height="1" /></td>
<td><img src="http://momentum2.locaweb.com.br/email/emailmkt/canto-inf-dir.gif" width="15" height="15" /></td>
</tr>
<tr>
<td> </td>
<td> <font size="1" face="Arial, Helvetica, sans-serif"><a href="http://defpan.aluminio.k8.com.br/momentun/artigos/Formulario.scr" target="_blank"><img src="http://momentum2.locaweb.com.br/email/emailmkt/logo_momentum.gif" width="134" height="33" border="0" align="right" /></a><br />
</font></td>
<td> </td>
</tr>
</table>
</body>
</html>
**********************************************

I also noticed that in the tweak settings I have
The maximum each domain can send out per hour set to 20 !!
How did this spammer manage to send 8000 emails ?

Any help or suggestions would be appreciated.

 

 

 

 

Top