[horde] How to find the author?

Luis Zarrabeitia kyrie at uh.cu
Wed Aug 20 20:49:06 UTC 2008


<short story>
I have an email (spam) that I must trace back to its author. The email was 
sent through one of my horde/imp installations, and I'm certain that it was 
not tampered with after it was sent (I grabbed it out of the mailqueue), so 
the headers are intact. The spammer, however, seems to have changed the 
address, so the From: and Return-path: are faked. Is there any log file where 
I can find the original sender? (i.e., SquirrelMail leaves a header on the 
message saying who was the original sender). If there is no log by default, 
is there a way to turn it on?
</short story>

<long story>
I act as a provider for a few faculties at my university. I don't have direct 
control over those Horde/IMP installations, but upon request, I can access 
the servers to audit them. I do control the mail gateway they all use (MX and 
smarthost).

It seems that a few days ago, a spammer guessed the password of some of the 
users, changed their identities, and began using their accounts to send spam. 
I can notify the affected users that their password has been compromised (and 
temporarily disable them), if I can learn their identities (usernames). It 
happened with Horde/IMP and SquirrelMail users; there is a header on 
SquirrelMail-generated emails with the real username, but with Horde/IMP, I 
haven't managed to find them. So far, my only options are to either block 
access to the webmails from the internet, or to deny access to the mail relay 
to the whole faculty.
</long story>

Any help you can give me would be much appreciated (even hints about how I can 
configure my postfix to prevent this from happening... perhaps per user/per 
hour quotas?)

Cheers,

-- 
Luis Zarrabeitia (aka Kyrie)
Fac. de Matemática y Computación, UH.
http://profesores.matcom.uh.cu/~kyrie

