If you have a proxy server (not a web-based one, but one with an IP address and port for people to use) and someone sends spam from it, how would I tell who sent the spam? If the proxy server lists all the IP addresses that use it, how can I tell which IP address sent the spam?
You can check the access logs and filter the required data from there. Look at the headers of the spam to see when and how the spam was sent. Then compare this with the data from the access logs. That should identify the culprit.
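The correlation described in the answer above, as an added example that is not part of the original post: it takes the time from the spam's topmost `Received` header and lists the proxy clients that had a tunnel open to a mail port at that moment. It assumes the proxy writes Squid's native access log format, with the timestamp recorded when the request finishes; the log lines, headers, host names and addresses are constructed samples.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: headers of the spam, as stored by the receiving mail server.
# 198.51.100.20 stands in for the proxy's own address.
SPAM_HEADERS = """\
Received: from unknown (HELO mail) (198.51.100.20)
    by mx.example.net with SMTP; Tue, 14 Nov 2023 22:13:18 +0000
Subject: constructed sample

"""

# Constructed sample: proxy access log, assumed to be in Squid's native format:
# end-time elapsed-ms client result/status bytes method target ...
ACCESS_LOG = """\
1699999100.500 812 203.0.113.5 TCP_MISS/200 5120 GET http://example.org/ - HIER_DIRECT/192.0.2.10 text/html
1700000000.123 5023 203.0.113.7 TCP_TUNNEL/200 1834 CONNECT mx.example.net:25 - HIER_DIRECT/192.0.2.25 -
1700000003.900 95 203.0.113.9 TCP_TUNNEL/200 4096 CONNECT shop.example.org:443 - HIER_DIRECT/192.0.2.44 -
1700003600.000 4100 203.0.113.8 TCP_TUNNEL/200 1790 CONNECT mx.example.net:25 - HIER_DIRECT/192.0.2.25 -
"""

MAIL_PORTS = {"25", "465", "587"}

def received_time(raw_headers):
    """Time from the topmost Received header, the one the receiving server added."""
    top = message_from_string(raw_headers).get_all("Received")[0]
    return parsedate_to_datetime(top.rsplit(";", 1)[1].strip())

def candidates(log_text, when, skew=timedelta(minutes=2)):
    """Clients whose tunnel to a mail port was open at `when`, allowing clock skew."""
    hits = []
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 7 or f[5] != "CONNECT" or f[6].rsplit(":", 1)[-1] not in MAIL_PORTS:
            continue
        end = datetime.fromtimestamp(float(f[0]), tz=timezone.utc)
        start = end - timedelta(milliseconds=int(f[1]))  # tunnel opened elapsed-ms earlier
        if start - skew <= when <= end + skew:
            hits.append((f[2], start.isoformat(timespec="seconds"), f[6]))
    return hits

if __name__ == "__main__":
    for client, opened, target in candidates(ACCESS_LOG, received_time(SPAM_HEADERS)):
        print(client, opened, target)
```

The `skew` window covers clock differences between the proxy and the receiving mail server; if several clients match, the destination host and byte counts in the log help narrow it down.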