Re: SquirrelMail exploits?

On Wed, Jul 2, 2008 at 3:39 AM, Michel <Michel@xxxxxxxxxxxxxx> wrote:
>
>> On Tue, Jul 1, 2008 at 7:39 PM, Res <res@xxxxxxxxxx> wrote:
>>> On Tue, 24 Jun 2008, Brant Wells wrote:
>>>
>>>> Hi All,
>>>>
>>>> I have recently noticed a steady stream of email leaving my server that
>>>> appears to be from my Squirrel Mail users.  I upgraded from 1.4.10 to
>>>> 1.4.15 in an effort to fix the issue.  It went away for a couple of days,
>>>> but is back now.
>>>
>>> I won't go over what others have said about it not being an MTA etc, as its
>>
>> <snip>
>>
>> And, as always, there are plugins that can help you identify when you
>> have an account on your server that has been compromised and is being
>> used to send spam.  The best tools for this are your own server logs,
>> possibly augmented by the "Squirrel Logger" plugin, but if you could
>> also check out the "Restrict Senders" plugin and if you are trying to
>> be proactive against password attacks, etc., you can try the "CAPTCHA"
>> and "Lockout" plugins too.
>
> even if you are right it does not help so much since the MTA should be configured
> to mail correctly so it does not matter if someone else uses the account because the
> spam origin comes back in first place to the relaying mta not to the user

You already made your point.  I am pointing out other tools that can
be used to identify problems like compromised accounts.

> so it does not matter if you have users trying to send spam or not so long as your
> mta is "vaccinated" against such attempts - so doesn't matter if it is a legitimate
> user or not. I mean you try bringing the cow down with its tail when trying to
> fight passwd attempts, on mta level you get it by its horns

The README files of the necessary plugins already note that better
solutions exist at the MTA level.  It is NOT a bad thing to apply
rules to the SM login page to reduce password guessing attacks, etc.

> I guess most attempts faking sm origin are not coming from the sm installation
> itself but they are faked by relay attempts so with proper relay protection of your
> MTA all this goes away

Stop already.  There IS in fact such thing as a compromised SM account
being used to send spam.  You make it sound like this can never
happen.  Wrong.

> a good and easy protection is the greeting relay in first place and rate limit in
> second and then recipient limit count as third and so most spam/relay attempts are
> gone then

Sure, of course.
