>> or turn off login_auto functionality and block all requests to >> src/mailto.php. > > src/mailto.php doesn't exist. > > However, again we are chasing the straw man (is that the right term to > use here?). I'm being told to upgrade because of security, etc, etc.... > yet that's not the issue.. the issue is spammers have written a virus > which is logging into an account, changing the First/Last name and e-mail > from address, and then sending tons of spam from that account. Do you have any proof of a virus logging in? Couldn't it just be plain ol' keyboard logging and the the person who gets the logs (not your intended users) sends out the spam manually? It's technically possible to write a program that logs in automatically, using any kind of mail interface - not just web mail interfaces, as long as you have the password, but without the password it's a harder nut to crack. The key question is: how do the spammers get the password? If they get it through a broken browser caching the user name and password, fix the broken browser. Sincerely, Fredrik ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ -- squirrelmail-users mailing list Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
