Web Hosting Talk

Spammers

Dub
09-06-2006, 07:19 PM
Hello,

I own a free web hosting company. Today in the email I got a message from a high school saying that an email was sent from my servers to one of the teachers saying "you are fired".

Now.. I take this EXTREMELY seriously and I have records of the IPs, etc. of everyone who signed up.. I gather it is probably a kid trying to get off school or some junk, or revenge against a teacher..

I checked the EXIM logs and it does show the email. But I cannot seem to figure out who it was from. Can somebody help me on this matter?


EMAIL HEADER

Received: from vps.x0b.net (unknown [69.73.131.153])
by barracuda.fhps.k12.mi.us (Spam Firewall) with ESMTP id 909EB2000253
for <kkermode@fhps.k12.mi.us>; Sun, 3 Sep 2006 19:48:52 -0400 (EDT)
Received: from nobody by vps.x0b.net with local (Exim 4.52)
id 1GK1gz-0000qP-CZ
for kkermode@fhps.k12.mi.us; Sun, 03 Sep 2006 19:47:57 -0400
To: kkermode@fhps.k12.mi.us
X-ASG-Orig-Subj: You have been fired.
Subject: You have been fired.
From: administration@fhps.k12.mi.us <administration@fhps.k12.mi.us>
X-Mailer: PHP/4.4.4
Message-Id: <E1GK1gz-0000qP-CZ@vps.x0b.net>
Date: Sun, 03 Sep 2006 19:47:57 -0400
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - vps.x0b.net
X-AntiAbuse: Original Domain - fhps.k12.mi.us
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - vps.x0b.net
*********************************************************************
Received: from vps.x0b.net (unknown [69.73.131.153])
by barracuda.fhps.k12.mi.us (Spam Firewall) with ESMTP id BF3302000253
for <sweiler@fhps.k12.mi.us>; Sun, 3 Sep 2006 19:53:12 -0400 (EDT)
Received: from nobody by vps.x0b.net with local (Exim 4.52)
id 1GK1lD-0006pF-6x
for sweiler@fhps.k12.mi.us; Sun, 03 Sep 2006 19:52:19 -0400
To: sweiler@fhps.k12.mi.us
X-ASG-Orig-Subj: You have been fired.
Subject: You have been fired.
From: administration@fhps.k12.mi.us <administration@fhps.k12.mi.us>
X-Mailer: PHP/4.4.4
Message-Id: <E1GK1lD-0006pF-6x@vps.x0b.net>
Date: Sun, 03 Sep 2006 19:52:19 -0400
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - vps.x0b.net
X-AntiAbuse: Original Domain - fhps.k12.mi.us
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - vps.x0b.net
**********************************************************************
Received: from vps.x0b.net (unknown [69.73.131.153])
by barracuda.fhps.k12.mi.us (Spam Firewall) with ESMTP id 017802000253
for <lmcinnis@fhps.k12.mi.us>; Sun, 3 Sep 2006 19:51:40 -0400 (EDT)
Received: from nobody by vps.x0b.net with local (Exim 4.52)
id 1GK1jj-00055n-BN
for lmcinnis@fhps.k12.mi.us; Sun, 03 Sep 2006 19:50:47 -0400
To: lmcinnis@fhps.k12.mi.us
X-ASG-Orig-Subj: You have been fired.
Subject: You have been fired.
From: administration@fhps.k12.mi.us <administration@fhps.k12.mi.us>
X-Mailer: PHP/4.4.4
Message-Id: <E1GK1jj-00055n-BN@vps.x0b.net>
Date: Sun, 03 Sep 2006 19:50:47 -0400
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - vps.x0b.net
X-AntiAbuse: Original Domain - fhps.k12.mi.us
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - vps.x0b.net
************************************************************************
Received: from vps.x0b.net (unknown [69.73.131.153])
by barracuda.fhps.k12.mi.us (Spam Firewall) with ESMTP id 86FC02000253
for <salthaus@fhps.k12.mi.us>; Sun, 3 Sep 2006 19:49:35 -0400 (EDT)
Received: from nobody by vps.x0b.net with local (Exim 4.52)
id 1GK1hi-0003Un-8C
for salthaus@fhps.k12.mi.us; Sun, 03 Sep 2006 19:48:42 -0400
To: salthaus@fhps.k12.mi.us
X-ASG-Orig-Subj: You have been fired.
Subject: You have been fired.
From: administration@fhps.k12.mi.us <administration@fhps.k12.mi.us>
X-Mailer: PHP/4.4.4
Message-Id: <E1GK1hi-0003Un-8C@vps.x0b.net>
Date: Sun, 03 Sep 2006 19:48:42 -0400
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - vps.x0b.net
X-AntiAbuse: Original Domain - fhps.k12.mi.us
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - vps.x0b.net

EXIM Log

2006-09-03 19:52:21 1GK1lD-0006pF-6x => sweiler@fhps.k12.mi.us R=lookuphost T=remote_smtp H=barracuda.fhps.k12.mi.us [206.114.36.18]
2006-09-03 19:52:21 1GK1lD-0006pF-6x Completed

So.. how would I go about finding the person who did this? I don't want to have to go through every single IP when my database is over 5 GB. But I will if necessary.

- Steve

cywkevin
09-06-2006, 07:24 PM
I'd say it was sent from one of Jaguar PC's VPS's . I am tired though so I could be way off.

root@amalgam [/home/chidori]# host vps.x0b.net
vps.x0b.net has address 69.73.131.153
root@amalgam [/home/chidori]# whois 69.73.131.153
[Querying whois.arin.net]
[whois.arin.net]

OrgName: Jaguar Technologies LLC
OrgID: JTL-8
Address: 4201 SW Freeway suite#216
City: Houston
StateProv: TX
PostalCode: 77027
Country: US

NetRange: 69.73.128.0 - 69.73.191.255
CIDR: 69.73.128.0/18
NetName: JAGUAR-TECHNOLOGIES-NOC
NetHandle: NET-69-73-128-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation
NameServer: NS.NOCDIRECT.COM
NameServer: NS2.NOCDIRECT.COM
Comment: NOCDIRECT
RegDate: 2003-11-05
Updated: 2005-04-15

RAbuseHandle: ABUSE370-ARIN
RAbuseName: Abuse
RAbusePhone: +1-713-960-1502
RAbuseEmail: abuse@jaguarpc.com

OrgTechHandle: GL538-ARIN
OrgTechName: Landis, Greg
OrgTechPhone: +1-832-279-5529
OrgTechEmail: greg@jaguarpc.com

Dub
09-06-2006, 09:01 PM
It was sent from mine.. I want to know how to find the person responsible.

I also want to know how to prevent this?

Any ideas?

- Steve

thomp256
09-07-2006, 03:37 AM
You won't want to prevent someone sending an email.

ub3r
09-07-2006, 04:06 AM
Well, it was sent via the "nobody" account, so it was likely to have been sent via a script that was accessed via httpd.

I suggest you cd to your access logs directory, and then run...

find . -exec grep "03/Sep/2006:19:48" {} \;

That will return all hits that happened at 19:48 on the 3rd of September, the date that email entered the mail queue. After that, you might want to try

find . -exec grep 03/Sep/2006:19:48 {} \; | grep POST

That will return all "POST" requests made at 19:48. However, if the script was initiated by "GET" instead of "POST", it won't return it.

The first one should give you a good idea. Let's just hope your access logs weren't rotated, or else you're done.
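The correlation described above, written out as an added example (my code, not code from the thread, from Exim or from cPanel): the two Received headers are copied from the messages posted earlier in the thread, while the access-log lines, the client IPs, the /~user17/send.php path and the 60-second window are constructed assumptions for illustration. Working from parsed timestamps rather than a fixed "19:48" string matters here for two reasons: the first message was queued at 19:47:57, so the request that triggered it most likely carries a 19:47 timestamp and a grep for 19:48 would miss it, and the Received header and the access log each carry their own UTC offset, which a plain string match ignores. The "from nobody ... with local" Received line and the X-AntiAbuse UID/GID of 99 (the nobody user) are what say this came from a script under the web server rather than from a mail client.

```python
"""Correlate Exim 'Received:' headers with Apache access-log lines.

Added example, not code from the original thread.  The Received headers
are the ones posted in the thread; the access-log lines below are
constructed (hypothetical IPs and paths) to show the technique offline.
"""
import re
from datetime import datetime, timedelta

# Copied from the first and fourth messages posted above.
RECEIVED_HEADERS = [
    "Received: from nobody by vps.x0b.net with local (Exim 4.52)\n"
    "\tid 1GK1gz-0000qP-CZ\n"
    "\tfor kkermode@fhps.k12.mi.us; Sun, 03 Sep 2006 19:47:57 -0400",
    "Received: from nobody by vps.x0b.net with local (Exim 4.52)\n"
    "\tid 1GK1hi-0003Un-8C\n"
    "\tfor salthaus@fhps.k12.mi.us; Sun, 03 Sep 2006 19:48:42 -0400",
]

# Constructed Apache combined-format lines (assumed hosts, IPs and paths).
ACCESS_LOG = """\
10.0.0.5 - - [03/Sep/2006:19:40:12 -0400] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
192.0.2.77 - - [03/Sep/2006:19:47:30 -0400] "GET /~user17/send.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
192.0.2.77 - - [03/Sep/2006:19:47:56 -0400] "POST /~user17/send.php HTTP/1.1" 200 223 "http://vps.x0b.net/~user17/send.php" "Mozilla/5.0"
198.51.100.9 - - [03/Sep/2006:19:48:10 -0400] "GET /~other/gallery.php?page=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.77 - - [03/Sep/2006:19:48:41 -0400] "POST /~user17/send.php HTTP/1.1" 200 223 "http://vps.x0b.net/~user17/send.php" "Mozilla/5.0"
10.0.0.5 - - [03/Sep/2006:21:03:00 -0400] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
"""

# Exim's local-delivery Received line: "from <unix user> by <host> with local".
RECEIVED_RE = re.compile(
    r"Received: from (?P<user>\S+) by (?P<host>\S+) with local \(Exim [\d.]+\)\s+"
    r"id (?P<qid>\S+)\s+for (?P<rcpt>[^;]+);\s*(?P<date>.+)$",
    re.S,
)

# Apache common/combined log prefix: ip ident user [ts] "METHOD path proto" status size
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)


def parse_received(header):
    """Return user, host, queue id, recipient and a timezone-aware queue time."""
    m = RECEIVED_RE.search(header)
    if not m:
        raise ValueError("not an Exim local-delivery Received header")
    info = m.groupdict()
    info["when"] = datetime.strptime(info.pop("date").strip(), "%a, %d %b %Y %H:%M:%S %z")
    return info


def parse_access_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = ACCESS_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def candidates(access_log, when, window=60):
    """Requests within +/-window seconds of the Exim queue time, likeliest first.

    Apache stamps a request with its start time and a PHP mail() call runs
    while the request is still in flight, so the hit that caused the mail
    usually sits at or just before the Exim time.  POSTs are ranked ahead
    of GETs because web forms normally submit by POST, but GETs are kept so
    a GET-driven script is not missed.  Both timestamps are offset-aware,
    so logs written in different zones still compare correctly.
    """
    lo, hi = when - timedelta(seconds=window), when + timedelta(seconds=window)
    hits = []
    for line in access_log.splitlines():
        rec = parse_access_line(line)
        if rec and lo <= rec["ts"] <= hi:
            rec["delta"] = (rec["ts"] - when).total_seconds()
            hits.append(rec)
    hits.sort(key=lambda r: (r["method"] != "POST", abs(r["delta"])))
    return hits


def common_post_sources(headers, access_log, window=60):
    """IPs that POSTed inside the window of every message.

    With several spoofed mails sent minutes apart, the one client present
    in all of the windows is the strongest lead for the responsible account.
    """
    per_mail = []
    for h in headers:
        when = parse_received(h)["when"]
        per_mail.append({r["ip"] for r in candidates(access_log, when, window)
                         if r["method"] == "POST"})
    return set.intersection(*per_mail) if per_mail else set()


if __name__ == "__main__":
    for h in RECEIVED_HEADERS:
        info = parse_received(h)
        print(f"{info['qid']} for {info['rcpt']} queued {info['when']:%Y-%m-%d %H:%M:%S %z}")
        for r in candidates(ACCESS_LOG, info["when"])[:3]:
            print(f"  {r['delta']:+5.0f}s  {r['ip']:<14} {r['method']:<4} {r['path']}")
    print("IP(s) POSTing before every message:", common_post_sources(RECEIVED_HEADERS, ACCESS_LOG))
```

On a real cPanel box the access logs to feed in are the per-domain files under /usr/local/apache/domlogs (plus /usr/local/apache/logs/access_log for requests that hit no virtual host); the window can be widened if the box was under load, but past a few minutes the intersection across messages is what keeps the result meaningful. Once the path is known, the account that owns the script is the lead to check against the signup records.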

Dub
09-09-2006, 03:53 PM
Where are access logs?

- Steve

Orc Webhosting
09-11-2006, 06:38 AM
Enable suexec, you'll have it much easier in the future.