we are having someone on the mailing list since yesterday who appearently re-sends mails from the mailing list to the receivers, which creates a lot of spam.
From what we can see: * relayed via 1&1/united internet/GMX/etc, host is: moutng.kundenserver.de * senders IP address appears to be an Arcor ADSL connection, GeoIP says this might come from Berlin * internal IP address might be 10.99.52.31 * spam started most probably yesterday
(all this information is available in mail headers , visible to everyone reading this mailing list. No sniffing etc happened to acquire this.)
If you (partly) match this description, please check your mail server and fix this. If you could drop me a mail too, that would be great - I won't tell on you, promise - but then we can stop looking for the culprit. ;)
 Received: from moutng.kundenserver.de (moutng.kundenserver.de [184.108.40.206]) by open-mesh.org (Postfix) with ESMTPS id 5102A601742 for email@example.com; Wed, 14 Nov 2012 23:56:12 +0100 (CET) Received: from [10.99.52.31] (dslb-094-222-006-045.pools.arcor-ip.net [220.127.116.11]) by mrelayeu.kundenserver.de (node=mreu3) with ESMTP (Nemesis) id 0MD19D-1TQlP141HX-009dni; Wed, 14 Nov 2012 23:56:09 +0100
On Thursday 15 November 2012 12:01:59 Simon Wunderlich wrote: [...]
If you (partly) match this description, please check your mail server and fix this. If you could drop me a mail too, that would be great
- I won't tell on you, promise - but then we can stop looking for
the culprit. ;)
Ok, the person responsible for the mail spam was found. It was an user who accidently resent all messages with the original headers (but not with the envelopes). He promised not do it again.
Kind regards, Sven