Dear Paul,
Thanks a million,
really appreciate it.
I do have a mailadmin user.
The mailadmin user preferences in SQmail were all changed.
It was:
----------------------
Full Name: Kathryn Loans
E-mail Address: loanskathryn@xxxxxxxxx
Reply To: kathrynloans1@xxxxxxxxx
Signature:
KATHRYN FINANCE COMPANY LTD
Central Processing Office,
Norton House,
Mansfield Road, Rotherham,
South Yorkshire
S60 2EB, UK.
E-MAIL: kathrynloans1@xxxxxxxxx
kathrynloans@xxxxxxxxxxx
PHONE: + 44 70457 27334
Attention Sir/Madam !!!
We Are Currently Offering Private, Commercial and Personal Loans
with very Minimal annual Interest Rates as Low as 4% within a 5year
to 25 years repayment duration period to any part of the world.
If you are interested then contact our customer service officer
However, Our method, offers you the chance to state the amount of loan
needed and also the duration you can affordThis gives you a real chance to
get the funds you need!
Any interested\Applicants should Fill the application details below on
my email :kathrynloans1@xxxxxxxxx
APPLICATION DETAILS
1) FULL NAMES:
2) CONTACT ADDRESS:
3) PHONE NUMBER:
4) AMOUNT NEEDED AS LOAN:
5) LOAN DURATION:
6) ANNUAL INCOME:
7) OCCUPATION:
Thanks
Mrs. Kathryn Lloyd
Phone:+44 70457 27334 +44 70457 51284
kathrynloans1@xxxxxxxxx
-----------------------------------------
I have deleted the account now and will see if the problem continues.
Regards,
Simon
Thanks a million once again.
> On Sun, May 4, 2008 at 1:34 PM, Benedict simon <simon@xxxxxxxxxxx> wrote:
>> Dear All,
>>
>> I have had the following setup for almost a year on a single machine
>> running as a Mail and DNS server, and it has been working perfectly fine
>>
>> CentOS 5 OS
>> DNS server using bind-9.3.3-10.el5
>> Mailserver using sendmail-8.13.8-2.el5
>> apache web server 2.2.3-11.el5_1
>> SquirrelMail/1.4.13
>> dovecot-1.0-1.2.rc15.el5
>> MailScanner ver 4.66.5
>> mailwatch-1.0.4
>>
>> Just now I logged into mailwatch and found my outbound queue has about 30
>> messages, and I opened one of them, the latest message, and here below
>> are the details
>>
>> ------------------------------
>>
>> Received: from kmdns1.kmun.gov.kw (localhost [127.0.0.1])
>> by kmdns1.kmun.gov.kw (8.13.8/8.13.8) with ESMTP id m447Few7008716
>> for <info@xxxxxxxxxx>; Sun, 4 May 2008 10:15:40 +0300
>> Received: (from apache@localhost)
>> by kmdns1.kmun.gov.kw (8.13.8/8.13.8/Submit) id m3UFqte8002976;
>> Wed, 30 Apr 2008 18:52:55 +0300
>> X-Authentication-Warning: kmdns1.kmun.gov.kw: apache set sender to
>> loanskathryn@xxxxxxxxx using -f
>> Received: from 196.220.10.253
>> (SquirrelMail authenticated user mailadmin)
>
> Is the username for your account (or a valid one on your mail system)
> called "mailadmin"? Looks to me like someone figured out your
> password. Change the password to the account and see if the problem
> continues. You could also install Squirrel Logger to see when the
> events (login as "mailadmin", sending of messages, etc) are happening.
> Also look in the preferences for the account and see if one of the
> identities is set to "Kathryn Loans" with an email address of
> "loanskathryn@xxxxxxxxx" (although the spammer could have
> reset/removed it when done). You could change the SM configuration to
> not allow changing of the email address too.
>
>> by webmail.baladia.gov.kw with HTTP;
>> Wed, 30 Apr 2008 18:52:55 +0300 (AST)
>> Message-ID:
>> <4643.196.220.10.253.1209570775.squirrel@xxxxxxxxxxxxxxxxxxxxxx>
>> Date: Wed, 30 Apr 2008 18:52:55 +0300 (AST)
>> Subject: Private, Commercial and Personal Loans !!!
>> From: "Kathryn Loans" <loanskathryn@xxxxxxxxx>
>> Reply-To: kathrynloans1@xxxxxxxxx
>> Bcc:
>> User-Agent: SquirrelMail/1.4.13
>> MIME-Version: 1.0
>> Content-Type: text/plain;charset=windows1256
>> Content-Transfer-Encoding: 8bit
>> X-Priority: 3 (Normal)
>> Importance: Normal
>> From: loanskathryn@xxxxxxxxx [Add to Whitelist | Add to Blacklist]
>>
>> To: info@xxxxxxxxxx
>> Subject: Private, Commercial and Personal Loans !!!
>>
>> Also I could see the following:
>>
>> Relay Information: Date/Time Relayed by Relayed to Delay Status
>> 04/05/08 23:19:20 kmdns1 mail.networksolutionsemail.com 00:00:01
>> Deferred:
>> Connection reset by inbound.rndtec.com.netsolmail.net.
>> 04/05/08 23:04:20 kmdns1 mail.networksolutionsemail.com 00:00:01
>> Deferred:
>> Connection reset by inbound.rndtec.com.netsolmail.net.
>> 04/05/08 22:49:20 kmdns1 mail.networksolutionsemail.com 00:00:01
>> Deferred:
>> Connection reset by inbound.rndtec.com.netsolmail.net.
>> 04/05/08 22:34:19 kmdns1 mail.networksolutionsemail.com 00:00:00
>> Deferred:
>> Connection reset by inbound.rndtec.com.netsolmail.net.
>> 04/05/08 22:19:20 kmdns1 mail.networksolutionsemail.com 00:00:00
>> Deferred:
>> Connection reset by inbound.rndtec.com.netsolmail.net.
>> 04/05/08 22:04:19 kmdns1 mail.networksolutionsemail.com 00:00:00
>> Deferred:
>> Connection reset by inbound.rndtec.com.netsolmail.net.
>> 04/05/08 21:49:19 kmdns1 mail.networksolutionsemail.com 00:00:00
>> Deferred:
>> Connection reset by inbound.rndtec.com.netsolmail.net.
>> 04/05/08 21:34:19 kmdns1 mail.networksolutionsemail.com 00:00:00
>> Deferred:
>> Connection reset by inbound.rndtec.com.netsolmail.net.
>> 04/05/08 21:19:20 kmdns1 mail.networksolutionsemail.com 00:00:01
>> Deferred:
>> Connection reset by inbound.rndtec.com.netsolmail.net.
>> 04/05/08 21:04:20 kmdns1 mail.networksolutionsemail.com 00:00:01
>> Deferred:
>> Connection reset by inbound.rndtec.com.netsolmail.net.
>> 04/05/08 20:49:20 kmdns1 mail.networksolutionsemail.com 00:00:01
>> Deferred:
>> Connection reset by inbound.rndtec.com.netsolmail.net.
>> 04/05/08 20:34:19 kmdns1 mail.networksolutionsemail.com 00:00:00
>> Deferred:
>> Connection reset by inbound.rndtec.com.netsolmail.net.
>> 04/05/08 20:19:20 kmdns1 mail.networksolutionsemail.com 00:00:01
>> Deferred:
>> Connection reset by inbound.rndtec.com.netsolmail.net.
>> 04/05/08 20:04:19 kmdns1 mail.networksolutionsemail.com 00:00:00
>> Deferred:
>> Connection reset by inbound.rndtec
>>
>> --------------------------------------------
>>
>> Now I do have relay domains, so sendmail is configured to allow relaying
>> only for our network
>>
>> Also I see that apache is authenticating the user
>> --loanskathryn@xxxxxxxxx
>> using -f
>>
>>
>> 1) Is this a security problem in apache or squirrelmail? I'm confused.
>>
>> Appreciate your suggestions and help
>>
>>
>> I have blacklisted using mailwatch
>>
>> blacklist for webuser -- webuser is the user used to login to mailwatch
>>
>> loanskathryn@xxxxxxxxx default
>>
>>
>> Thanks and regards
>>
>> Appreciate
>>
>> Simon
>>
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>>
>>
>> -------------------------------------------------------------------------
>> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
>> Don't miss this year's exciting event. There's still time to save $100.
>> Use priority code J8TL2D2.
>> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
>> -----
>> squirrelmail-users mailing list
>> Posting guidelines: http://squirrelmail.org/postingguidelines
>> List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
>> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
>> List info (subscribe/unsubscribe/change options):
>> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>>
>
--
Network ADMIN
-------------
KUWAIT MUNICIPALITY:
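
[Added example, not part of the original thread or of SquirrelMail/MailScanner.] The headers quoted above already name the webmail account behind the queued spam: the `Received:` hop written by SquirrelMail carries the authenticated user and client IP, and sendmail's `X-Authentication-Warning` records the envelope sender that apache forced with `-f`. A small triage function over a queued message, assuming a hypothetical local domain `example.org` and a constructed sample message with placeholder addresses:

```python
import email
import re

# Assumption: the domains this server legitimately sends mail for.
LOCAL_DOMAINS = {"example.org"}

# "Received: from <ip> (SquirrelMail authenticated user <login>)"
WEBMAIL_RE = re.compile(
    r"from\s+(\S+)\s+\(SquirrelMail authenticated user\s+([^)\s]+)\)")
# "X-Authentication-Warning: <host>: apache set sender to <addr> using -f"
SENDER_RE = re.compile(r"set sender to\s+(\S+)\s+using -f")

# Constructed sample, modelled on the headers quoted in the thread.
SAMPLE = """\
Received: (from apache@localhost)
\tby mail.example.org (8.13.8/8.13.8/Submit) id m3UFqte8002976;
\tWed, 30 Apr 2008 18:52:55 +0300
X-Authentication-Warning: mail.example.org: apache set sender to
\tspammer@example.net using -f
Received: from 192.0.2.10
\t(SquirrelMail authenticated user mailadmin)
\tby webmail.example.org with HTTP;
\tWed, 30 Apr 2008 18:52:55 +0300 (AST)
From: "Kathryn Loans" <spammer@example.net>
Subject: Private, Commercial and Personal Loans !!!

body
"""

def triage(raw):
    """Return the webmail login, client IP and forced sender of a message."""
    msg = email.message_from_string(raw)
    out = {"user": None, "client_ip": None,
           "forced_sender": None, "suspicious": False}
    for hop in msg.get_all("Received", []):
        m = WEBMAIL_RE.search(hop)          # folded headers: \s+ spans newlines
        if m:
            out["client_ip"], out["user"] = m.groups()
    for warn in msg.get_all("X-Authentication-Warning", []):
        m = SENDER_RE.search(warn)
        if m:
            out["forced_sender"] = m.group(1)
    # Heuristic: a webmail login sending as a non-local address is worth a look.
    if out["user"] and out["forced_sender"]:
        domain = out["forced_sender"].rsplit("@", 1)[-1].lower()
        out["suspicious"] = domain not in LOCAL_DOMAINS
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Run over every message in the outbound queue, the `user` and `client_ip` fields show which account to lock and which source address to look for in the web server logs.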