Re: Spam Sent From WebMail


 



Paul,
I saw this response to someone else (from you or another person).  I'm
not sure why it seems so hard to believe the spammers are using
webmail.  In this case they definitely are NOT forging headers.

1 - The headers are accounts that are valid on our system.
2 - When the accounts are terminated, the spam stops
3 - The account's 'SENT' box is filled with the sent spam
4 - The account's 'FROM' address has been changed to the spammer's address
5 - The accounts show valid headers and valid mail server IDs from our system
6 - Our mailserver load has gone up in relation to these reports
7 - The spams actually originate from our outgoing mail server used by webmail.

On 9/5/07, Paul Lesniewski <paul@xxxxxxxxxxxxxxxx> wrote:
> On 9/5/07, Matt <mhoppes@xxxxxxxxx> wrote:
> > Hi,
> > Lately we've noticed an alarming trend of spam being sent out from our
> > webmail server.    It seems the new viruses will actually connect to
> > the webmail server and log in as the user (saved username/password in
> > internet explorer).   It then sends e-mail from the user's webmail
> > account, but it doesn't send it as the user, instead it somehow
> > manages to forge the FROM address.
> >
> > Does anyone have any ideas how this is happening (forging of the
> > address) and has anyone else managed to figure out a way (short of a
> > captcha) to stop this?
>
> You could use the Restrict Senders plugin.  However, I would be
> willing to bet no one is actually logging in automatically.  I think
> you are seeing a forged SquirrelMail header:
>
> http://www.squirrelmail.org/docs/user/user-3.html
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems?  Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >>  http://get.splunk.com/
> --
> squirrelmail-users mailing list
> Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines
> List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
> List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user
> List Archives:  http://sourceforge.net/mailarchive/forum.php?forum_id=2995
> List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>

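
The indicators listed in the message above (a FROM address that no longer matches the account, and a surge of sent mail) can be checked mechanically. The following is an added example, not part of the original posts or of SquirrelMail: the record layout (timestamp, authenticated login, From header), the sample data and the thresholds are all assumptions, and extracting such records from a real server is deployment-specific.

```python
from collections import defaultdict
from email.utils import parseaddr

# Constructed sample: (epoch seconds, authenticated webmail login, From header).
SAMPLE = [
    (1000, "alice@example.net", "Alice <alice@example.net>"),
    (4600, "alice@example.net", "alice@example.net"),
    (1000, "bob@example.net", "Deals <promo@spam.invalid>"),
    (1005, "bob@example.net", "Deals <promo@spam.invalid>"),
    (1010, "bob@example.net", "Deals <promo@spam.invalid>"),
    (1020, "bob@example.net", "Deals <promo@spam.invalid>"),
    (2000, "carol@example.net", "Carol <carol@alias.invalid>"),
]


def flag_suspect_accounts(records, window=60, max_in_window=3):
    """Return {login: sorted reasons} for accounts worth reviewing.

    window and max_in_window are hypothetical thresholds, tune per site.
    """
    times = defaultdict(list)
    reasons = defaultdict(set)
    for ts, login, from_header in records:
        times[login].append(ts)
        # Indicator 4: From address differs from the authenticated account.
        addr = parseaddr(from_header)[1].lower()
        if addr != login.lower():
            reasons[login].add("from_mismatch")
    for login, stamps in times.items():
        # Indicators 3 and 6: many messages sent in a short sliding window.
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            if end - start + 1 > max_in_window:
                reasons[login].add("burst")
                break
    return {login: sorted(r) for login, r in reasons.items()}


if __name__ == "__main__":
    for login, why in sorted(flag_suspect_accounts(SAMPLE).items()):
        print(login, ",".join(why))
```

A `from_mismatch` on its own can be a legitimate alias; the combination with `burst` is the stronger signal for review.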
