Re: Spamming Through Squirrelmail

>Can you provide more information on how SquirrelMail is being used?
We use SquirrelMail, Courier-IMAP, Postfix and Apache.  We had a SquirrelMail implementation with Sendmail for years, but never experienced this issue.  If you need more/different info, let me know.

>What version of SquirrelMail? PHP?
SquirrelMail Version: 1.4.10a
PHP 5


> Have you investigated how the accounts were compromised?
As far as the user accounts, we are reviewing logs to determine if they brute-forced the accounts or if they just "knew" the passwds.  My first thought was a virus/spyware/keylogger on a certain user's host, but it spread to a total of three users over the course of several days.  We have asked the user to bring their PC in to us so that we can take a look at them, but no such luck.  I have been

I ended up routing their IP block to null in my gateway router.  Here is the IP range in case anyone else experiences this.

83.229.0.0 - 83.229.255.255

Zack






-----Original Message-----
From: squirrelmail-users-bounces@xxxxxxxxxxxxxxxxxxxxx [mailto:squirrelmail-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Jon Angliss
Sent: Tuesday, November 13, 2007 8:57 PM
To: Squirrelmail User Support Mailing List
Subject: Re:  Spamming Through Squirrelmail


Hi Zack

> Greetings:

> We have seen quite a bit of user accounts that have been targeted
> by spammers.  That is to say I think our users passwds have been
> compromised and the spammers are then sending out 100's of messages
> through Squirrelmail and Postfix.  Since we can't keep Squirrelmail
> from sending out messages for our legit email I didn't know if
> there was a way to only allow "fubar.net" emails to be sent out and deny
> "uglyasspammers.net".

Can you provide more information on how SquirrelMail is being used?
What version of SquirrelMail? PHP? Have you investigated how the
accounts were compromised?

- --
Jon Angliss
<jon@xxxxxxxxxxxxxxxx



-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
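
Added example, not part of the original messages: one way to run the log review described above, separating accounts whose password was probably guessed (failures from the suspect range before the first success) from accounts whose password was probably already known (success with no preceding failures). The log layout, the threshold and the user names are assumptions constructed for illustration; real Apache, SquirrelMail or Courier logs need their own parser.

```python
import ipaddress
from collections import defaultdict

# The range the poster null-routed (83.229.0.0 - 83.229.255.255) in CIDR form.
SUSPECT_NET = ipaddress.ip_network("83.229.0.0/16")
FAIL_THRESHOLD = 3  # assumed cut-off; tune to your own baseline

# Constructed sample in a simplified "epoch ip user result" layout.
# This is not a real SquirrelMail, Apache or Courier log format.
SAMPLE_LOG = """\
1194900000 83.229.10.4 alice FAIL
1194900002 83.229.10.4 alice FAIL
1194900004 83.229.10.7 alice FAIL
1194900006 83.229.10.7 alice OK
1194903000 83.229.77.9 bob OK
1194904000 192.0.2.10 carol FAIL
1194904030 192.0.2.10 carol OK
1194905000 83.229.10.4 dave FAIL
not a log line
"""

def parse(log_text):
    """Yield (timestamp, ip, user, result) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        try:
            yield int(parts[0]), ipaddress.ip_address(parts[1]), parts[2], parts[3]
        except ValueError:
            continue

def classify(log_text, net=SUSPECT_NET, threshold=FAIL_THRESHOLD):
    """Map each account with a successful login from `net` to a verdict."""
    failures = defaultdict(int)  # user -> failures from `net` before first success
    verdicts = {}
    for _ts, ip, user, result in sorted(parse(log_text), key=lambda e: e[0]):
        if ip not in net or user in verdicts:
            continue  # other sources, or account already classified
        if result == "FAIL":
            failures[user] += 1
        else:
            guessed = failures[user] >= threshold
            verdicts[user] = "likely guessed" if guessed else "likely known"
    return verdicts

if __name__ == "__main__":
    for user, verdict in classify(SAMPLE_LOG).items():
        print(f"{user}: password {verdict} ({SUSPECT_NET})")
```

Accounts in the "likely known" group point toward stolen or reused credentials rather than guessing, which is the distinction the log review is trying to make.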
