Compromised Accounts

To all,
  I run a large webmail server, 19k + accounts.  Lately, just this 
month, I have had three different email accounts send out spam email.  
Basically, the accounts have their personal information changed to a 
different name and reply-to address.  Then they send out quite a large 
amount of spam email.  It appears the exploiter obtained the password 
and then compromised the account.  The actual email user is completely 
unaware of the compromise - meaning they did NOT send this spam email.

What I have:
    squirrelmail version 1.4.10a
    postfix + cyrus
    saslauth 2.1.22
    pam_mysql 0.7-rc1
    PHP 5 5.2.4-pre200708051230

When looking at the mail queue file, you can see the squirrelmail 
authenticated user name, and the queue file clearly shows it came from the 
localhost, indicating the squirrelmail interface.

We did not have the webmail with a CERT (ssl) but do NOW!  Is there any 
known way of easily compromising an email account directly with PHP and/or 
squirrelmail?

Any help would be greatly appreciated!

Vernon Fort
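
An added example, not part of the original post: one way to triage a queue for the pattern described above, by grouping messages on the login SquirrelMail records in its Received header and flagging logins with a burst of mail or a Reply-To address that is not their own. The Received layout matched by the regex, the threshold, the rule that a login equals the mailbox address or its local part, and all sample messages and names are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

# Assumed layout of the Received header SquirrelMail stamps on outgoing mail.
SM_RECEIVED = re.compile(
    r"from\s+(?P<ip>\S+)\s+\(SquirrelMail authenticated user (?P<user>[^)]+)\)")

def summarize(raw_messages):
    """Group webmail-submitted messages by the login recorded in Received."""
    stats = defaultdict(lambda: {"count": 0, "ips": set(), "reply_to": set()})
    for raw in raw_messages:
        msg = message_from_string(raw)
        for received in msg.get_all("Received", []):
            m = SM_RECEIVED.search(received)
            if m:
                entry = stats[m.group("user").strip().lower()]
                entry["count"] += 1
                entry["ips"].add(m.group("ip"))
                reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
                if reply_to:
                    entry["reply_to"].add(reply_to)
                break  # count each message once
    return dict(stats)

def suspicious(stats, max_messages=3):
    """Flag logins with a burst of mail or a Reply-To that is not their own.
    Assumes the login is the mailbox address or its local part."""
    flagged = {}
    for user, e in stats.items():
        reasons = ["volume"] if e["count"] > max_messages else []
        if any(r != user and r.split("@")[0] != user for r in e["reply_to"]):
            reasons.append("foreign reply-to")
        if reasons:
            flagged[user] = reasons
    return flagged

def sample(user, ip, reply_to=None):
    """Constructed message headers (not taken from a real queue)."""
    head = (f"Received: from {ip}\n\t(SquirrelMail authenticated user {user})\n"
            f"\tby webmail.example.org with HTTP;\n\tTue, 1 Jan 2008 00:00:00 +0000\n"
            f"From: {user}@example.org\n")
    if reply_to:
        head += f"Reply-To: Other Name <{reply_to}>\n"
    return head + "Subject: test\n\nbody\n"

QUEUE = [sample("alice", "203.0.113.7", "claims@example.net")] * 5 + [
    sample("bob", "198.51.100.4"),
    "Received: from mx.example.com by mail.example.org\nFrom: x@example.com\n\nhi\n"]

if __name__ == "__main__":
    print(suspicious(summarize(QUEUE)))
```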


-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
