>> Please provide more information about your setup. >> 1. SquirrelMail version > > 1.4.4 (have not upgraded due to various themes, etc we have installed) please upgrade. http://www.squirrelmail.org/security/. or turn off login_auto functionality and block all requests to src/mailto.php. > >> 2. All modifications made in standard SquirrelMail scripts > > None really? "not upgraded due to various themes". If you haven't modified SquirrelMail scripts, upgrade path is simple. You just have to fix login page and reapply msg flags patches. >> 5. PHP session.gc_maxlifetime value and other not default PHP session >> settings. > > session.gc_maxlifetime = 1440 > >> Are you sure that trojans or worms are abusing webmail and not some >> broken form on your webserver? > > Absolutely... again, when the accounts are terminated (e-mail access shut > off) the spam stops (From that user). When I check the SENT box of the > offending sending user, all of the spam that was sent is in the sent > folder. Additionally, the FROM name and E-MAIL address have been changed > to the spammers. (We have since disabled the ability of users to change > their from e-mail and name in an attempt to discourage the spammers. If you use SquirrelMail 1.4.4 and turned off email modifications in SquirrelMail configuration, you haven't disabled it. -- Tomas ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ -- squirrelmail-users mailing list Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
