SPAM from my server, I can't identify the sender!
How do I find out which account is sending them? I'm scared my server will be shut down. It was already shut down the other day for a few hours due to this problem. I got it back up but I'm being told to delete the offending account. I would if I knew which is the offending account.
Below are 2 examples of headers:
XXXX@yahoo.de via 217.12.10.80; Sat, 18 Mar 2006 03:15:10 -0800
X-Originating-IP: [72.9.253.26]
Return-Path: <nobody@server6.affiliate-sites.net>
Authentication-Results: mta189.mail.re2.yahoo.com from=mail.yahoo.com; domainkeys=neutral (no sig)
Received: from 72.9.253.26 (EHLO server6.affiliate-sites.net) (72.9.253.26) by mta189.mail.re2.yahoo.com with SMTP; Sat, 18 Mar 2006 03:15:09 -0800
Received: from nobody by server6.affiliate-sites.net with local (Exim 4.52) id 1FKZKo-00015C-BB; Sat, 18 Mar 2006 06:11:02 -0500
An: Send an Instant Message "Yahoo! Mail Winners" <winners@yahoo.com>
Betreff: YOU WON $500! Please get your money!
Von: "Yahoo! Mail" <admin@mail.yahoo.com> Ins AdressbuchIns Adressbuch
MIME-Version: 1.0
Content-Type: text/html;
X-Priority: 1
X-MSMail-Priority: High
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Originating-IP: [85.216.126.58]
Message-Id: <E1FKZKo-00015C-BB@server6.affiliate-sites.net>
Datum: Sat, 18 Mar 2006 06:11:02 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server6.affiliate-sites.net
X-AntiAbuse: Original Domain - yahoo.de
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-Originating-IP: [72.9.253.26]
Return-Path: <nobody@server6.affiliate-sites.net>
Authentication-Results: mta189.mail.re2.yahoo.com from=mail.yahoo.com; domainkeys=neutral (no sig)
Received: from 72.9.253.26 (EHLO server6.affiliate-sites.net) (72.9.253.26) by mta189.mail.re2.yahoo.com with SMTP; Sat, 18 Mar 2006 03:15:09 -0800
Received: from nobody by server6.affiliate-sites.net with local (Exim 4.52) id 1FKZKo-00015C-BB; Sat, 18 Mar 2006 06:11:02 -0500
An: Send an Instant Message "Yahoo! Mail Winners" <winners@yahoo.com>
Betreff: YOU WON $500! Please get your money!
Von: "Yahoo! Mail" <admin@mail.yahoo.com> Ins AdressbuchIns Adressbuch
MIME-Version: 1.0
Content-Type: text/html;
X-Priority: 1
X-MSMail-Priority: High
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Originating-IP: [85.216.126.58]
Message-Id: <E1FKZKo-00015C-BB@server6.affiliate-sites.net>
Datum: Sat, 18 Mar 2006 06:11:02 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server6.affiliate-sites.net
X-AntiAbuse: Original Domain - yahoo.de
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
> web51001.mail.yahoo.com with YMEXTPOP; Mon, 13 Mar 2006 03:14:32 PST
> Received: from server6.affiliate-sites.net ([72.9.253.26])
> by VL-MH-MX001.ip.videotron.ca
> (Sun Java System Messaging Server 6.2-2.05 (built Apr 28 2005))
> with ESMTP id
> <0IW00046WFO4O320@VL-MH-MX001.ip.videotron.ca> for
> XXXXX@videotron.ca; Sun, 12 Mar 2006 05:26:28 -0500 (EST)
> Received: from nobody by server6.affiliate-sites.net
> with local (Exim 4.52)
> id 1FINk0-0003QJ-MS; Sun, 12 Mar 2006 05:24:00
> -0500
> Date: Sun, 12 Mar 2006 05:24:00 -0500
> From: MSN Online Transfer Service
> <TransferService@msn.com>
> Subject: You received $200 from MSN
> X-Originating-IP: [196.218.69.52]
> To: MSN Online Transfer Service
> <msn.transfer.id-28139@msn.com>
> Message-id:
> <E1FINk0-0003QJ-MS@server6.affiliate-sites.net>
> MIME-version: 1.0
> X-MIMEOLE: Produced By Microsoft MimeOLE
> V6.00.2800.1106
> Content-type: text/html; CHARSET=ISO-8859-1
> X-Priority: 1
> X-MSMail-priority: High
> X-AntiAbuse: This header was added to track abuse,
> please include it with any abuse report
> X-AntiAbuse: Primary Hostname -
> server6.affiliate-sites.net
> X-AntiAbuse: Original Domain - videotron.ca
> X-AntiAbuse: Originator/Caller UID/GID - [99 99] /
> [47 12]
> X-AntiAbuse: Sender Address Domain -
> server6.affiliate-sites.net
> X-Source:
> X-Source-Args:
> X-Source-Dir:
> Content-Length: 984
> Received: from server6.affiliate-sites.net ([72.9.253.26])
> by VL-MH-MX001.ip.videotron.ca
> (Sun Java System Messaging Server 6.2-2.05 (built Apr 28 2005))
> with ESMTP id
> <0IW00046WFO4O320@VL-MH-MX001.ip.videotron.ca> for
> XXXXX@videotron.ca; Sun, 12 Mar 2006 05:26:28 -0500 (EST)
> Received: from nobody by server6.affiliate-sites.net
> with local (Exim 4.52)
> id 1FINk0-0003QJ-MS; Sun, 12 Mar 2006 05:24:00
> -0500
> Date: Sun, 12 Mar 2006 05:24:00 -0500
> From: MSN Online Transfer Service
> <TransferService@msn.com>
> Subject: You received $200 from MSN
> X-Originating-IP: [196.218.69.52]
> To: MSN Online Transfer Service
> <msn.transfer.id-28139@msn.com>
> Message-id:
> <E1FINk0-0003QJ-MS@server6.affiliate-sites.net>
> MIME-version: 1.0
> X-MIMEOLE: Produced By Microsoft MimeOLE
> V6.00.2800.1106
> Content-type: text/html; CHARSET=ISO-8859-1
> X-Priority: 1
> X-MSMail-priority: High
> X-AntiAbuse: This header was added to track abuse,
> please include it with any abuse report
> X-AntiAbuse: Primary Hostname -
> server6.affiliate-sites.net
> X-AntiAbuse: Original Domain - videotron.ca
> X-AntiAbuse: Originator/Caller UID/GID - [99 99] /
> [47 12]
> X-AntiAbuse: Sender Address Domain -
> server6.affiliate-sites.net
> X-Source:
> X-Source-Args:
> X-Source-Dir:
> Content-Length: 984
