James Lick describes a bad guy who spams anyone that posts to a mailing list,
only James can't figure out how the bad guy is getting the mailing list mail
in the first place.
Here's an idea you can try. Assuming you can create some temporary accounts
at your home site, you can "fake" an outgoing mailing list message,
individually for each subscriber on the list (unless it's too big of course).
Each one will look as if it came through the real mailing list, only each one
will actually be a personalized test for that recipient, from a corresponding
personal test reply account. You create the headers by hand, to look like an
outgoing list message, and you give Sendmail the right arguments (e.g. "-f
owner-listname" so the envelope sender is the list-owner as usual).
Then you see which of the personal reply addresses the spammer spams to.
Create the messages from a template, substituting in the destination and
reply addresses -- for subscriber "foo@bar", the message should appear to
have been sent by "email@example.com". Feed the outgoing messages to
Sendmail one by one.
On the replies, your host should indicate which "repl-foo_bar" was the
target, in the "Received" header that it adds, i.e. it will say "Received by
your.site for repl-foo_bar...." assuming that the spammer only spams to one
recipient at a time......
Note that if you just make the "repl-foo_bar" targets as entries in
/etc/aliases, they will be resolved and won't appear in the Received header
so you won't be able to tell which one was targetted.
If your site has the "+" hooks enabled, in Sendmail, then you can even use
your own account and add the recipient hooks afterwards i.e. subscriber
"firstname.lastname@example.org" gets a test from "jlick+foo_bar.com" and so on. (without the
"+" hook enabled, Sendmail would bounce that as unknown; with the hook, it
delivers it to the username to the left of the "+" sign)
And if your site enables Sendmail to pass the "+foo_bar.com" as a special -A
arg to Procmail, then you can even sort the incoming replies.
Chris Koenigsberg: email@example.com (firstname.lastname@example.org)
Siemens Corporate Research, and Rutgers University Dept. of Computer Science