[wplug] Help tracking down a spam problem.

Tom Rhodes trhodes at FreeBSD.org
Mon Nov 22 13:49:39 EST 2004


On Mon, 22 Nov 2004 12:34:23 -0500
Bill Moran <wmoran at potentialtech.com> wrote:

> Tom Rhodes <trhodes at FreeBSD.org> wrote:
> > On Sat, 20 Nov 2004 09:12:45 -0500
> > Bill Moran <wmoran at potentialtech.com> wrote:
> > 
> > > 
> > > I'm trying to help a client resolve a spam problem.  He's being
> > > accused of spamming, and we can't determine whether it's really
> > > his problem, or if the mail is being forged.
> > > 
> > > The only thing that links the mail to him is a header that says:
> > > X-AOL-IP: <his mailserver IP>
> > > 
> > > I've been searching Google and AOL's site, and can't seem to
> > > find any information on this header.  Does anyone know if this
> > > is a header legitimately added by AOL, or if it's a phony, forged
> > > header?
> > 
> > Can't you trace it to HIS IP?
> 
> Hmmm ... I'd forgotten that I'd sent this.
> 
> I did (finally) track it down via the message-id.  I was getting some
> very strange reports from people, but some of them had enough information
> to track it back to his mailserver.
> 
> We disabled the problematic account, but the larger problem still needs
> resolved.  I'm still discussing that with him.

Have a plan of attack yet?

-- 
Tom Rhodes

