Have you looked in the INBOX.Sent to verify that they are logging in and sending the mail via SquirrelMail? I ask this since I do occasionally get rejects from mail I didn't send out but someone is trying to spoof my mail server. In fact, the mail shows as being sent from an account I don't have on my server, and relaying is turned off. I know it is just a hoax. Hopefully it will help. Philip >>Can you provide more information on how SquirrelMail is being used? > We use squirrelmail, courier-imap, postfix and apache. We had a > squirrelmail implementation with sendmail for years, but never experienced > this issue. If you need more/different info, let me know. > >>What version of SquirrelMail? PHP? > SquirrelMail Version: 1.4.10a > PHP 5 > > >> Have you investigated how the accounts were compromised? > As far as the user accounts, we are reviewing logs to determine if they > bruteforced the accounts or if they just "knew" the passwds. My first > thought was a virus/spyware/keylogger on a certain users host, but it > spread to a total of three users over the course of several days. We have > asked the user to bring their PC into us so that we can take a look at > them, but no such luck. I have been > > I ended up routing their IP block to null in my gateway router. Here is > the IP range in case anyone else experiences this. > > 83.229.0.0 - 83.229.255.255 > > Zack > > > > > > > -----Original Message----- > From: squirrelmail-users-bounces@xxxxxxxxxxxxxxxxxxxxx > [mailto:squirrelmail-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Jon > Angliss > Sent: Tuesday, November 13, 2007 8:57 PM > To: Squirrelmail User Support Mailing List > Subject: Re: Spamming Through Squirrelmail > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi Zack > >> Greetings: > >> We have seen quite a bit of user accounts that have been targeted >> by spammers. That is to say I think our users passwds have been >> compromised and the spammers are then sending out 100's of messages >> through Squirrelmail and Postfix. Since we can't keep Squirrelmail >> from sending out messages for our legit email I didn't know if >> there was a way to only allow "fubar.net" emails to be sent out and deny >> "uglyasspammers.net". > > Can you provide more information on how SquirrelMail is being used? > What version of SquirrelMail? PHP? Have you investigated how the > accounts were compromised? > > - -- > Jon Angliss > <jon@xxxxxxxxxxxxxxxx > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (MingW32) > > iD8DBQFHOmQJK4PoFPj9H3MRAiGAAKDbQ7ayMbpC1b9Pg+4/Zo+tt6V41gCcDIEr > Sj/jPbuWYAOf3mO2us0zoVk= > =er19 > -----END PGP SIGNATURE----- > > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > ----- > squirrelmail-users mailing list > Posting guidelines: http://squirrelmail.org/postingguidelines > List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx > List archives: http://news.gmane.org/gmane.mail.squirrelmail.user > List info (subscribe/unsubscribe/change options): > https://lists.sourceforge.net/lists/listinfo/squirrelmail-users > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > ----- > squirrelmail-users mailing list > Posting guidelines: http://squirrelmail.org/postingguidelines > List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx > List archives: http://news.gmane.org/gmane.mail.squirrelmail.user > List info (subscribe/unsubscribe/change options): > https://lists.sourceforge.net/lists/listinfo/squirrelmail-users > ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
