> CentOS 4.5 w/ squirrelmail-1.4.8-4.0.1.el4.centos. Plugins are: CVE-2006-6142, CVE-2007-1262, CVE-2007-2589. Please note that html filtering functions must be patched to 1.4.10+ level. Having only 1.4.9a patches is not enough. If changelog says that CVE-2006-6142 is fixed, check functions/mime.php and make sure that it is similar to 1.4.10a file and not to 1.4.9a file. > Installed Plugins > 1. delete_move_next > 2. squirrelspell > 3. newmail > 4. mpppolicygroup > 5. quota_usage > > Available Plugins: > 6. translate > 7. compatibility > 8. spamcop > 9. sent_subfolders > 10. check_quota Version of check_quota plugin? PHP register_globals setting? > Per some suggetions in the thread I was able to determine that they are > not using "mailto.php", but rather compose.php: > > /var/log/httpd/access_log:196.1.179.183 - - [07/Oct/2007:21:54:10 -0500] > "GET /webmail/src/compose.php?mail_sent=yes HTTP/1.1" 200 37102 > "http://webmail.terraworld.net/webmail/src/compose.php?mailbox=None&startMessage=0"; > "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" Wrong log entry. What you have in logs before this redirection is made in SquirrelMail. This page only displays notice that message is send. If you know ip of spammer, check all log entries from that ip address. You must trace whole path. How do they log in? Is there a legit login for same account at that time? Which pages are opened? Have you tried to protect your webmail traffic? Signed SSL certificate costs less than 20 USD. -- Tomas ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ -- squirrelmail-users mailing list Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
