On Wednesday 21 November 2007 08:27, Vernon A. Fort wrote: > To all, > I run a large webmail server, 19k + accounts. Lately, just this > month, i have had three different email account send out spam email. > Basically, the accounts have their personal information changed to a > different name and reply to address. Then they send out quite a large > amount of spam email. It appears the exploiter obtained the password > and then compromised the account. The actual email user is completely > unaware of the compromise - meaning they did NOT send this spam email. > > What i have: We had the exact same problem here. What we did last week was to install the CAPTCHA plugin, and that seems to have solved the problem. It seems that the spammers were using an automated script to login via HTTP and squirrelmail to do their dirty work that way. The messages were definitely coming through our server and were not faked or spoofed. This was not a compromise of the user accounts on our server, but rather an explotation of the system using genuine and valid usernames/accounts. The last episode we had we contacted the users individually and had them change their password, but this time around we realized we need to be pro-active and thus went with the CAPTCHA. If anyone has a better suggestion I'd like to hear it. Is using a Certificate the better thing to do? Thanks, Rob Wright debianrob@xxxxxxxxxxxxx ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
