Re: [vchkpw] How can I identify a spammer?

[Walter Souto R. Junior]

Hi Jeremy,
the smtp auth patch you use should be putting a header in the email  
saying who
sent it.. check for that header, and shut the guy off.
This is the first thing that I did try. My server was set 2 years ago and  
vpopmail version is 5.3.20. I use the toaster guide from Bill Shup and his  
large patch. I never get a problem like that. The version of smtp-auth  
patch does not put the information into the headers. The message bellow is  
what the spammer sends out. The IP listed always change. I test my server  
right now and it isn't an open relay. So when I identify the vpopmail user  
that was used to do that I can take the properly action, but how?

 --------------
MESSAGE NUMBER 32964920
 --------------
Received: (qmail 5098 invoked by uid 1010); 22 Oct 2004 11:46:22 -0200
Received: from [EMAIL PROTECTED] by alonso.bayweb.biz by uid 0  
with qmail-scanner-1.22
 (clamdscan: 0.74. spamassassin: 2.63.   
Clear:RC:0(218.61.42.211):SA:1(7.4/4.0):.
 Processed in 5.793772 secs); 22 Oct 2004 13:46:22 -0000
Received: from unknown (HELO meals) ([EMAIL PROTECTED])
  by alonso.bayweb.biz with SMTP; 22 Oct 2004 11:46:16 -0200
From: "Michael Sapanna"<[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [SPAM] ARE YOU HAPP1lIY?
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Qmail-Scanner-Message-ID: <[EMAIL PROTECTED]>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on alonso.bayweb.biz
X-Spam-Report:
        *  1.9 DATE_MISSING Missing Date: header
        *  5.4 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
        *      [score: 1.0000]
        *  0.1 RCVD_IN_RFCI RBL: Sent via a relay in  
ipwhois.rfc-ignorant.org
        *      [218.61.42.211 has inaccurate or missing WHOIS]
        [data at the RIR]
        *  0.0 UPPERCASE_25_50 message body is 25-50% uppercase
X-Spam-Status: Yes, hits=7.4 required=4.0 tests=BAYES_99,DATE_MISSING,
        RCVD_IN_RFCI,UPPERCASE_25_50 autolearn=no version=2.63
X-Spam-Level: *******

http://VI1aggar_C000O0delne_Xana|x_Va||um_.......and___mO000Ore
http://VI1aggar_C0O000delne_Xana|x_Va||um_CIa1lis_.......and___mO0O00re
http://C1aI|is_Vl|aggar_.......and___m0O0O0re
V|SIT  0UR  S1TE  AND  0RDER  HERE http://sear.cndbvsa.com/as#boathouse
Thanks in advance,
--
Walter.