On Sun, May 4, 2008 at 1:34 PM, Benedict simon <simon@xxxxxxxxxxx> wrote:
> Dear All,
>
> I have the following setup for almost a year on a single machine running
> as a Mail and Dns server and has been working perfectly fine
>
> CentOS 5 OS
> DNS server using bind-9.3.3-10.el5
> Mailserver using sendmail-8.13.8-2.el5
> apache web server 2.2.3-11.el5_1
> SquirrelMail/1.4.13
> dovecot-1.0-1.2.rc15.el5
> MailScanner ver 4.66.5
> mailwatch-1.0.4
>
> Now I just logged into mailwatch and found my outbound queue has about 30
> messages and I opened one of them, the latest message, and here below are the
> details
>
> ------------------------------
>
> Received: from kmdns1.kmun.gov.kw (localhost [127.0.0.1])
>         by kmdns1.kmun.gov.kw (8.13.8/8.13.8) with ESMTP id m447Few7008716
>         for <info@xxxxxxxxxx>; Sun, 4 May 2008 10:15:40 +0300
> Received: (from apache@localhost)
>         by kmdns1.kmun.gov.kw (8.13.8/8.13.8/Submit) id m3UFqte8002976;
>         Wed, 30 Apr 2008 18:52:55 +0300
> X-Authentication-Warning: kmdns1.kmun.gov.kw: apache set sender to
>         loanskathryn@xxxxxxxxx using -f
> Received: from 196.220.10.253
>         (SquirrelMail authenticated user mailadmin)

Is the username for your account (or a valid one on your mail system)
called "mailadmin"? Looks to me like someone figured out your
password. Change the password to the account and see if the problem
continues.

You could also install Squirrel Logger to see when the events (login
as "mailadmin", sending of messages, etc.) are happening.

Also look in the preferences for the account and see if one of the
identities is set to "Kathryn Loans" with an email address of
"loanskathryn@xxxxxxxxx" (although the spammer could have
reset/removed it when done). You could change the SM configuration to
not allow changing of the email address too.

>         by webmail.baladia.gov.kw with HTTP;
>         Wed, 30 Apr 2008 18:52:55 +0300 (AST)
> Message-ID: <4643.196.220.10.253.1209570775.squirrel@xxxxxxxxxxxxxxxxxxxxxx>
> Date: Wed, 30 Apr 2008 18:52:55 +0300 (AST)
> Subject: Private, Commercial and Personal Loans !!!
> From: "Kathryn Loans" <loanskathryn@xxxxxxxxx>
> Reply-To: kathrynloans1@xxxxxxxxx
> Bcc:
> User-Agent: SquirrelMail/1.4.13
> MIME-Version: 1.0
> Content-Type: text/plain;charset=windows1256
> Content-Transfer-Encoding: 8bit
> X-Priority: 3 (Normal)
> Importance: Normal
> From: loanskathryn@xxxxxxxxx [Add to Whitelist | Add to Blacklist]
>
> To: info@xxxxxxxxxx
> Subject: Private, Commercial and Personal Loans !!!
>
> also I could see the following
>
> Relay Information: Date/Time Relayed by Relayed to Delay Status
> 04/05/08 23:19:20 kmdns1 mail.networksolutionsemail.com 00:00:01 Deferred:
> Connection reset by inbound.rndtec.com.netsolmail.net.
> 04/05/08 23:04:20 kmdns1 mail.networksolutionsemail.com 00:00:01 Deferred:
> Connection reset by inbound.rndtec.com.netsolmail.net.
> 04/05/08 22:49:20 kmdns1 mail.networksolutionsemail.com 00:00:01 Deferred:
> Connection reset by inbound.rndtec.com.netsolmail.net.
> 04/05/08 22:34:19 kmdns1 mail.networksolutionsemail.com 00:00:00 Deferred:
> Connection reset by inbound.rndtec.com.netsolmail.net.
> 04/05/08 22:19:20 kmdns1 mail.networksolutionsemail.com 00:00:00 Deferred:
> Connection reset by inbound.rndtec.com.netsolmail.net.
> 04/05/08 22:04:19 kmdns1 mail.networksolutionsemail.com 00:00:00 Deferred:
> Connection reset by inbound.rndtec.com.netsolmail.net.
> 04/05/08 21:49:19 kmdns1 mail.networksolutionsemail.com 00:00:00 Deferred:
> Connection reset by inbound.rndtec.com.netsolmail.net.
> 04/05/08 21:34:19 kmdns1 mail.networksolutionsemail.com 00:00:00 Deferred:
> Connection reset by inbound.rndtec.com.netsolmail.net.
> 04/05/08 21:19:20 kmdns1 mail.networksolutionsemail.com 00:00:01 Deferred:
> Connection reset by inbound.rndtec.com.netsolmail.net.
> 04/05/08 21:04:20 kmdns1 mail.networksolutionsemail.com 00:00:01 Deferred:
> Connection reset by inbound.rndtec.com.netsolmail.net.
> 04/05/08 20:49:20 kmdns1 mail.networksolutionsemail.com 00:00:01 Deferred:
> Connection reset by inbound.rndtec.com.netsolmail.net.
> 04/05/08 20:34:19 kmdns1 mail.networksolutionsemail.com 00:00:00 Deferred:
> Connection reset by inbound.rndtec.com.netsolmail.net.
> 04/05/08 20:19:20 kmdns1 mail.networksolutionsemail.com 00:00:01 Deferred:
> Connection reset by inbound.rndtec.com.netsolmail.net.
> 04/05/08 20:04:19 kmdns1 mail.networksolutionsemail.com 00:00:00 Deferred:
> Connection reset by inbound.rndtec
>
> --------------------------------------------
>
> now I do have relay domains so sendmail is configured to allow relaying
> only our network
>
> also I see that apache is authenticating the user --loanskathryn@xxxxxxxxx
> using -f
>
>
> 1) is this a security problem in apache or squirrelmail as I'm confused
>
> appreciate your suggestion and help
>
>
> I have blacklisted using mailwatch
>
> blacklist for webuser -- webuser is the user used to login to mailwatch
>
> loanskathryn@xxxxxxxxx default
>
>
> thanks and regards
>
> Appreciate
>
> simon
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
> Don't miss this year's exciting event. There's still time to save $100.
> Use priority code J8TL2D2.
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> -----
> squirrelmail-users mailing list
> Posting guidelines: http://squirrelmail.org/postingguidelines
> List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
> List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
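
Added example, not part of the original thread: a small Python triage helper that reads queued messages and reports which SquirrelMail login and client IP each one was submitted from, using the `Received` stanza and `X-Authentication-Warning` header quoted above. The sample message is constructed (placeholder hosts, addresses and IP), and the function names `webmail_origin` and `summarize` are hypothetical.

```python
import re
from collections import Counter
from email import message_from_string

# Constructed sample modelled on the quoted headers; hosts, addresses and IP are placeholders.
SAMPLE = """\
Received: from mx.example.org (localhost [127.0.0.1])
\tby mx.example.org (8.13.8/8.13.8) with ESMTP id m447Few7008716
\tfor <info@example.net>; Sun, 4 May 2008 10:15:40 +0300
Received: (from apache@localhost)
\tby mx.example.org (8.13.8/8.13.8/Submit) id m3UFqte8002976;
\tWed, 30 Apr 2008 18:52:55 +0300
X-Authentication-Warning: mx.example.org: apache set sender to
\tloans@example.com using -f
Received: from 192.0.2.53
\t(SquirrelMail authenticated user mailadmin)
\tby webmail.example.org with HTTP;
\tWed, 30 Apr 2008 18:52:55 +0300 (AST)
User-Agent: SquirrelMail/1.4.13
Subject: Private, Commercial and Personal Loans !!!

body
"""

# The webmail hop names the login that composed the message and the browser's IP.
WEBMAIL_RE = re.compile(
    r"from\s+(?P<ip>\S+)\s+\(SquirrelMail authenticated user (?P<user>[^)]+)\)")
# sendmail adds this warning when the web server user overrides the envelope sender.
SENDER_RE = re.compile(r"set sender to\s+(?P<sender>\S+)\s+using -f")

def webmail_origin(raw):
    """Return the webmail login, client IP and forced envelope sender of one message."""
    msg = message_from_string(raw)
    found = {"user": None, "ip": None, "forced_sender": None}
    for hop in msg.get_all("Received", []):
        m = WEBMAIL_RE.search(" ".join(hop.split()))  # unfold the header first
        if m:
            found["user"], found["ip"] = m["user"].strip(), m["ip"]
    for warn in msg.get_all("X-Authentication-Warning", []):
        m = SENDER_RE.search(" ".join(warn.split()))
        if m:
            found["forced_sender"] = m["sender"]
    return found

def summarize(messages):
    """Count messages per (login, client IP) so an abused account stands out."""
    origins = [webmail_origin(raw) for raw in messages]
    return Counter((o["user"], o["ip"]) for o in origins if o["user"]).most_common()
```

Run over the raw text of each queued message, a single login with many messages and an unfamiliar client IP is the account whose password should be changed first.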