On 9/5/07, Matt <mhoppes@xxxxxxxxx> wrote: > Hi, > Lately we've noticed an alarming trend of spam being sent out from our > webmail server. It seems the new viruses will actually connect to > the webmail server and log in as the user (saved username/password in > internet explorer). It then sends e-mail from the user's webmail > account, but it doesn't send it as the user, instead it somehow > manages to forge the FROM address. > > Does anyone have any ideas how this is happening (forging of the > address) and has anyone else managed to figure out a way (short of a > captcha) to stop this? You could use the Restrict Senders plugin. However, I would be willing to bet no one is actually logging in automatically. I think you are seeing a forged SquirrelMail header: http://www.squirrelmail.org/docs/user/user-3.html ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ -- squirrelmail-users mailing list Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
