Hello, I am having hard time finding the spammer. Can someone point me to right direction? According to the full header I got. The original reciever was my company's IP. That means the final recipient will see the spam sender as our company's postfix server. Is there a good way to track down these kind of spammers? Is it in the malilog that I have to look at? Please help!
Justin. -------------------------------------------------- Return-Path: Received: from vfep03.mfe.bur.connect.com.au (vfep03.mfe.bur.connect.com.au [210.8.230.161]) by mcn06 (Cyrus v2.1.14_CCA) with LMTP; Wed, 01 Aug 2007 15:20:48 +1000 X-Sieve: CMU Sieve 2.2 Received: from vfep03.mfe.bur.connect.com.au (localhost [127.0.0.1]) by localhost.vfep03.connect.com.au (Postfix) with ESMTP id 667024A879 for ; Wed, 1 Aug 2007 15:20:29 +1000 (EST) Received: from vfep03.mfe.bur.connect.com.au (localhost [127.0.0.1]) by vfep03.mfe.bur.connect.com.au (Postfix) with ESMTP id 529E549082 for ; Wed, 1 Aug 2007 15:20:04 +1000 (EST) Received: from fep03.mfe.bur.connect.com.au (fep03.mfe.bur.connect.com.au [203.63.86.23]) by vfep03.mfe.bur.connect.com.au (Postfix) with ESMTP id 78EF149372 for ; Wed, 1 Aug 2007 15:19:18 +1000 (EST) Received: from [203.63.86.23] (localhost [127.0.0.1]) by localhost.mfep03.connect.com.au (Postfix) with ESMTP id 13B68F92A for ; Wed, 1 Aug 2007 15:19:17 +1000 (EST) Received: from ip-gt.190.57.86.40.telefonica-ca.net (unknown [190.57.86.40]) by fep03.mfe.bur.connect.com.au (Postfix) with ESMTP id AAD1FF84E; Wed, 1 Aug 2007 15:19:08 +1000 (EST) Received: from X.Y.Z.X (HELO mail.mycompany's.com) by aapt.net.au with esmtp (+R00.A9J* +.S>) id H6QK71-)?.W0--5. for [EMAIL PROTECTED]; Wed, 1 Aug 2007 05:19:18 +0360 Date: Wed, 1 Aug 2007 05:19:18 +0360 From: Jerome Thier X-Mailer: The Bat! (v3.71.04) Educational X-Priority: 3 (Normal) Message-ID: <[EMAIL PROTECTED]>To: [EMAIL PROTECTED] Subject: *****SUSPECTED SPAM***** Excellent part-time job offer for educated people. MIME-Version: 1.0 Content-Type: text/plain; charset=windows-1250 Content-Transfer-Encoding: quoted-printable X-Spam: Not detected X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 2.63-cca (2004-01-11) on mfep03 X-Spam-Level: ******* X-Spam-Status: Yes, hits=7.5 required=5.0 tests=CCA_PRODUCT_AD_21, CCA_SPAMMER_4,DATE_IN_PAST_03_06,LINES_OF_YELLING,LINES_OF_YELLING_2, SARE_FINCLOP,WORK_AT_HOME autolearn=no version=2.63-cca X-Spam-Report: * 2.3 CCA_SPAMMER_4 Known Spammer Software * 1.3 WORK_AT_HOME BODY: Information on how to work at home (1) * 0.6 SARE_FINCLOP BODY: Talks about financial or internet opportunity. * 2.5 CCA_PRODUCT_AD_21 BODY: I'd love a college degree * 0.0 LINES_OF_YELLING BODY: A WHOLE LINE OF YELLING DETECTED * 0.1 LINES_OF_YELLING_2 BODY: 2 WHOLE LINES OF YELLING DETECTED * 0.7 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date X-BitDefender-Scanner: Clean, Agent: BitDefender POSTFIX 1.6.2 on vfep03 POSITION DESCRIPTION: Successful international Company is looking for local representatives. This is a well-paid vacation for serious ambitious person. MAIN ADVANTAGES: -------------------------------------------------------- - Really High Wages. - Ability to work from home. - Flexible schedule. - Covered business and educational expenses. - Illness/Disability friendly team. GENERAL REQUIREMENTS: -------------------------------------------------------- - Basic knowledge of credit principles, financial services and operations. = - Creativity. - Ability to work on multiple projects simultaneously along with meeting de= adlines. - Ability to work independently or in a team environment. - college degree in Economics strongly preferred (but not required). - Having a deep desire to achieve financial success. How to join: Please send your resume to our personnel manager email: [EMAIL PROTECTED] il.com It must be sent in a TXT, MSWord, RTF or PDF format. In order to receive our response, please provide us with your valid email a= ddress. If you believe this message was delivered to you b=F3 mistake please let us= know, your address will be removed from our database immediately: JasonRobertsonK= [EMAIL PROTECTED] Please take appropriate action to stop this situation recurring. Please let me know how this incident is resolved. (This email was generated by Visualware Security Suite on 1/08/2007 18:07:13) ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
