-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear All, One of my clients is abusing my proxy server to sent spams to different groups in the internet. But I have only been given the details below. I understand that there should be some kind of X-Forwarded-For IP address right? How do I get the IP of the offending user besides checking all my access logs? Can somebody shed some light into how to prevent these incidents from recurring in the future? Thanks in advance! SPAM Details: Path: authen.puce.readfreenews.net!green.octanews.net!news-out.octanews.net!news.glorb.com!postnews.google.com!u30g2000hsc.googlegroups.com!not-for-mail From: spammer@xxxxxxxxx Newsgroups: alt.comp.freeware Subject: http://www.jobsnepal.info/idevaffiliate/idevaffiliate.php?id=1515 Date: 4 May 2007 20:11:14 -0700 Organization: http://groups.google.com Lines: 6 Message-ID: <1178334674.363813.301290@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> NNTP-Posting-Host: 202.xx.xx.xx (IP of my proxy server) Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Trace: posting.google.com 1178334675 27786 127.0.0.1 (5 May 2007 03:11:15 GMT) X-Complaints-To: groups-abuse@xxxxxxxxxx NNTP-Posting-Date: Sat, 5 May 2007 03:11:15 +0000 (UTC) User-Agent: G2/1.0 X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1),gzip(gfe),gzip(gfe) X-HTTP-Via: 1.1 myproxy.com:3128 (squid/2.6.STABLE9) Complaints-To: groups-abuse@xxxxxxxxxx Injection-Info: u30g2000hsc.googlegroups.com; posting-host=202.xx.xx.xx (IP of my proxy); posting-account=qJA5Sw0AAAAEwNnRGJ7bd6V3Qkylk050 Xref: authen.puce.readfreenews.net alt.comp.freeware:544238 Specialize in website design, web hosting, database design and internet marketing to improve your web position. Services include meta tag programming,online job and many more http://www.jobsnepal.info/idevaffiliate/idevaffiliate.php?id=1785 - -- With best regards and good wishes, Yours sincerely, Tek Bahadur Limbu (TAG/TDG Group) Jwl Systems Department Worldlink Communications Pvt. Ltd. Jawalakhel, Nepal http://www.wlink.com.np -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (FreeBSD) iD8DBQFGPW0AVrOl+eVhOvYRAgD/AJ9qVREDs4qsyg4u7AaqnIEVbS1K5ACeORdr 6NOkWgrczzJjPb2M6TPCEvA= =o/1v -----END PGP SIGNATURE-----