Do not top-post.

> > > Lately we've noticed an alarming trend of spam being sent out from our
> > > webmail server. It seems the new viruses will actually connect to
> > > the webmail server and log in as the user (saved username/password in
> > > internet explorer). It then sends e-mail from the user's webmail
> > > account, but it doesn't send it as the user, instead it somehow
> > > manages to forge the FROM address.
> > >
> > > Does anyone have any ideas how this is happening (forging of the
> > > address) and has anyone else managed to figure out a way (short of a
> > > captcha) to stop this?
> >
> > You could use the Restrict Senders plugin. However, I would be
> > willing to bet no one is actually logging in automatically. I think
> > you are seeing a forged SquirrelMail header:
> >
> > http://www.squirrelmail.org/docs/user/user-3.html
>
> I saw this response to someone else (from you or another person). I'm
> not sure why it seems too hard to believe the spammers are using
> webmail. In this case they definitely are NOT forging headers.

Fine, then I already gave you the answer you want, but you should do your own security audit in addition - I've never heard of this kind of problem on a large/automated scale.

> 1 - The headers are accounts that are valid on our system.
> 2 - When the accounts are terminated, the spam stops
> 3 - The accounts 'SENT' box is filled with the sent spam
> 4 - The accounts 'FROM' address has been changed to the spammer's address
> 5 - The accounts show valid headers and valid mail server IDs from our system
> 6 - Our mailserver load has gone up in relation to these reports
> 7 - The spams actually originate from our outgoing mail server used by webmail.

--
squirrelmail-users mailing list
Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines
List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user
List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
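The indicators listed in the thread (spam in the Sent folder, a changed From address, valid local headers) can be checked mechanically as part of the suggested audit. This is an added example, not part of the original thread or of SquirrelMail: it assumes outgoing webmail messages carry a `Received: ... (SquirrelMail authenticated user NAME)` header, and `LOCAL_DOMAIN`, the threshold and the sample messages are constructed for illustration.

```python
import email
import re
from collections import Counter
from email.utils import parseaddr

# Assumption: header text SquirrelMail stamps on mail submitted via webmail.
AUTH_RE = re.compile(r"\(SquirrelMail authenticated user ([^)\s]+)\)")
LOCAL_DOMAIN = "example.org"  # assumption: the site's own mail domain

def audit(raw_message):
    """Return (account, from_addr, mismatch), or None if not sent via webmail."""
    msg = email.message_from_string(raw_message)
    account = None
    for received in msg.get_all("Received", []):
        match = AUTH_RE.search(received)
        if match:
            account = match.group(1).lower()
            break
    if account is None:
        return None
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    # The login may be a bare username or a full address.
    expected = {account, f"{account}@{LOCAL_DOMAIN}"}
    return account, from_addr, from_addr not in expected

def suspicious_accounts(raw_messages, threshold=2):
    """Accounts with at least `threshold` messages whose From is not their own.
    Users can legitimately set another From identity, so one hit proves little."""
    hits = Counter()
    for raw in raw_messages:
        result = audit(raw)
        if result and result[2]:
            hits[result[0]] += 1
    return {acct: n for acct, n in hits.items() if n >= threshold}

def sample(account, from_addr):
    """Build a constructed test message (not real traffic)."""
    return (
        "Received: from 198.51.100.7\n"
        f"        (SquirrelMail authenticated user {account})\n"
        "        by webmail.example.org with HTTP;\n"
        "        Mon, 1 Jan 2007 10:00:00 -0000\n"
        f"From: {from_addr}\nSubject: test\n\nbody\n"
    )

SAMPLES = [
    sample("alice", "alice@example.org"),
    sample("bob", "Deals <promo@spam.invalid>"),
    sample("bob", "promo@spam.invalid"),
    sample("carol", "carol@other.invalid"),
    "From: mallory@example.org\nSubject: not webmail\n\nbody\n",
]
```

Run it over messages from the outbound queue or users' Sent folders; accounts it returns are candidates for a password reset and a review of the stored From identity.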