Hi,
For some days I have been getting returned mails from unknown mail users, which makes it seem that someone is spamming from our machine.
But when I analyze the header of the original mail I find a line:
Received: from 210.97.42.1 (HELO scc.co.at) (210.97.42.1) <<
Although the IP of scc.co.at is 193.81.182.39
The IP 210.97.42.1 will change permanently when reading other similar mails.
210.97.42.1 is in an address range (210.97.42.0 - .63) that belongs to a Korean elementary school. (whois <ip-address> is your friend, here.)
My questions: 1) Is it possible that someone broke into our machine and sent this mail directly over scc.co.at
Don't think so. Open relaying is denied at that server, but it's probably been hacked...
2) What can I do to stop those spammers ...
Shoot them? There's probably someone out there to annoy you big time. You could go and ask the admins of the originating servers to try to get hold of them (in case their server's been hacked, things like, connection times from "foreign" computers and stuff). So you can trace them back to their ISP, if enough people are willing to cooperate. Don't be surprised if it's someone living round the corner...
tired, Robert
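
Added example (not part of the original messages): a Python check for the mismatch discussed in this thread, where a Received line announces scc.co.at in HELO while the connecting IP is not that host's real address. The OWN_HOSTS table, the function names and every sample line except the first are assumptions constructed for illustration.

```python
import ipaddress
import re

# Received line in the form quoted in the thread:
#   Received: from <peer> (HELO <name>) (<peer-ip>)
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<peer>\S+)\s+\(HELO\s+(?P<helo>[^)\s]+)\)"
    r"\s+\((?P<ip>[^)\s]+)\)",
    re.IGNORECASE,
)

# Assumption: addresses our own mail hosts really use (value from the thread).
OWN_HOSTS = {"scc.co.at": {ipaddress.ip_address("193.81.182.39")}}


def check_received(line, own_hosts=OWN_HOSTS):
    """Classify one line: 'forged-helo', 'own-host', 'other' or 'unparsed'."""
    m = RECEIVED_RE.match(line.strip())
    if not m:
        return "unparsed"
    # HELO names are case-insensitive and may carry a trailing dot.
    helo = m.group("helo").lower().rstrip(".")
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return "unparsed"
    if helo not in own_hosts:
        return "other"
    return "own-host" if ip in own_hosts[helo] else "forged-helo"


def forged_sources(header_lines, own_hosts=OWN_HOSTS):
    """Return sorted connecting IPs that announced one of our names in HELO."""
    hits = set()
    for line in header_lines:
        if check_received(line, own_hosts) == "forged-helo":
            hits.add(RECEIVED_RE.match(line.strip()).group("ip"))
    return sorted(hits, key=ipaddress.ip_address)


# Constructed sample: the first line is from the thread, the rest are made up
# (198.51.100.7 and 192.0.2.25 are documentation addresses).
SAMPLE = [
    "Received: from 210.97.42.1 (HELO scc.co.at) (210.97.42.1)",
    "Received: from 198.51.100.7 (HELO SCC.CO.AT.) (198.51.100.7)",
    "Received: from 193.81.182.39 (HELO scc.co.at) (193.81.182.39)",
    "Received: from mail.example.net (HELO mail.example.net) (192.0.2.25)",
    "Received: by mail.example.net with local",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(check_received(line), "<-", line)
    print("forged HELO from:", forged_sources(SAMPLE))
```

Run over a folder of bounce messages, the list of flagged source IPs is what you would pass to whois and to the admins of the originating networks.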