Hi, I’m running a version of SquirrelMail by nutsmail.com. I have tried versions 1.4.10a_NM-9.XPBlueSky and 1.4.13_NM-12.XP_BlueSky.
What is happening is that foreign IPs, especially Nigerian IPs, are sending spam through SquirrelMail.
server versions:
postfix mail_version = 2.2.10
Server version: Apache/2.0.52
PHP 4.3.9 (cgi) (built: Sep 20 2007 19:31:11
At first I thought it was a vulnerable version that I was using, but I have used several versions and the same thing happens. I was wondering if anyone here knew how these IPs are relaying through my SquirrelMail server; below are the logs that I have. Are the spammers using an authenticated username with a weak password? If so, how can I determine the username they are using? I’m assuming the easiest way is to look at the queued mail.
I’m just trying to figure out how I can fix this, as it’s becoming a big problem.
Postfix log:
Jul 2 02:08:58 bigtime postfix/smtpd[21079]: B8FBD1975D2: client=xxx.net[127.0.0.1]
Jul 2 02:08:59 bigtime postfix/cleanup[21026]: B8FBD1975D2: message-id=<1714.41.219.221.53.1214978939.squirrel@xxx.net>
access log:
41.219.221.53 - - [02/Jul/2008:01:43:25 -0400] "GET /index.html/src/webmail.php HTTP/1.1" 200 1506 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Crazy Browser 2.0.1)"
41.219.221.53 - - [02/Jul/2008:01:43:28 -0400] "GET /index.html/themes/css/XP_BlueSky.css HTTP/1.1" 200 12030 "http://webmail.meganet.net/index.html/src/webmail.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Crazy Browser 2.0.1)"
41.219.221.53 - - [02/Jul/2008:01:43:33 -0400] "GET /index.html/skins/XP_BlueSky/xpblue_back.gif HTTP/1.1" 200 603 "http://webmail.meganet.net/index.html/src/webmail.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Crazy Browser 2.0.1)"
41.219.221.53 - - [02/Jul/2008:01:44:13 -0400] "GET /index.html/src/login.php HTTP/1.1" 200 4872 "http://webmail.meganet.net/index.html/src/webmail.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Crazy Browser 2.0.1)"
41.219.221.53 - - [02/Jul/2008:01:44:17 -0400] "GET /index.html/themes/css/none.css HTTP/1.1" 404 313 "http://webmail.meganet.net/index.html/src/login.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Crazy Browser 2.0.1)"
41.219.221.53 - - [02/Jul/2008:01:44:19 -0400] "GET /index.html/images/bg.png HTTP/1.1" 200 8858 "http://webmail.meganet.net/index.html/src/login.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Crazy Browser 2.0.1)"
41.219.221.53 - - [02/Jul/2008:01:44:19 -0400] "GET /index.html/skins/XP_BlueSky/logo.jpg HTTP/1.1" 200 11778 "http://webmail.meganet.net/index.html/src/login.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Crazy Browser 2.0.1)"
41.219.221.53 - - [02/Jul/2008:01:45:03 -0400] "POST /index.html/src/redirect.php HTTP/1.1" 302 - "http://webmail.meganet.net/index.html/src/login.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Crazy Browser 2.0.1)"
41.219.221.53 - - [02/Jul/2008:02:10:39 -0400] "POST /index.html/src/compose.php HTTP/1.1" 302 - "http://webmail.meganet.net/index.html/src/compose.php?mail_sent=yes" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Crazy Browser 2.0.1)"
41.219.221.53 - - [02/Jul/2008:02:11:07 -0400] "POST /index.html/src/compose.php HTTP/1.1" 302 - "http://webmail.meganet.net/index.html/src/compose.php?mail_sent=yes" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Crazy Browser 2.0.1)"
41.219.221.53 - - [02/Jul/2008:02:11:23 -0400] "GET /index.html/src/compose.php?mail_sent=yes HTTP/1.1" 200 72049 "http://webmail.meganet.net/index.html/src/compose.php?mail_sent=yes" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Crazy Browser 2.0.1)"
----------------------------------------------------
Paulo Amaral
MegaNet Communications
P: 508 646 0030
-----------------------------------------------------
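
Added example, not part of the original post: a log correlation for the two excerpts above. It assumes the message-id layout visible in the sample (a number, the web client's IP, a Unix timestamp, then "squirrel@host"); the shortened access-log lines and the 198.51.100.7 entry are constructed.

```python
import re
from datetime import datetime, timezone

# Constructed sample input, shaped like the log excerpts in the post.
POSTFIX_LOG = """\
Jul 2 02:08:58 bigtime postfix/smtpd[21079]: B8FBD1975D2: client=xxx.net[127.0.0.1]
Jul 2 02:08:59 bigtime postfix/cleanup[21026]: B8FBD1975D2: message-id=<1714.41.219.221.53.1214978939.squirrel@xxx.net>
"""
ACCESS_LOG = """\
41.219.221.53 - - [02/Jul/2008:01:45:03 -0400] "POST /index.html/src/redirect.php HTTP/1.1" 302 - "-" "Mozilla/4.0"
41.219.221.53 - - [02/Jul/2008:02:10:39 -0400] "POST /index.html/src/compose.php HTTP/1.1" 302 - "-" "Mozilla/4.0"
198.51.100.7 - - [02/Jul/2008:02:10:40 -0400] "GET /index.html/src/login.php HTTP/1.1" 200 4872 "-" "Mozilla/4.0"
"""

# Assumed layout, read off the sample: <N.CLIENT_IP.EPOCH.squirrel@host>
MSGID = re.compile(r"postfix/cleanup\[\d+\]: (\w+): message-id=<\d+\.(\d+\.\d+\.\d+\.\d+)\.(\d+)\.squirrel@")
ACCESS = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def webmail_senders(postfix_log):
    """Yield (queue_id, client_ip, submit_time_utc) for each SquirrelMail message."""
    for line in postfix_log.splitlines():
        m = MSGID.search(line)
        if m:
            yield m.group(1), m.group(2), datetime.fromtimestamp(int(m.group(3)), timezone.utc)

def requests_from(access_log, ip, paths=("redirect.php", "compose.php")):
    """Return (time, path) for POSTs from ip to the login and send handlers."""
    hits = []
    for line in access_log.splitlines():
        m = ACCESS.match(line)
        if not m or m.group(1) != ip or m.group(3) != "POST":
            continue
        path = m.group(4).split("?")[0]  # ignore any query string
        if path.endswith(paths):
            hits.append((datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z"), path))
    return hits

def correlate(postfix_log, access_log):
    """Map each queue ID to the web client that submitted it and that client's POSTs."""
    return {qid: {"ip": ip, "sent": sent, "posts": requests_from(access_log, ip)}
            for qid, ip, sent in webmail_senders(postfix_log)}

if __name__ == "__main__":
    for qid, info in correlate(POSTFIX_LOG, ACCESS_LOG).items():
        print(qid, info["ip"], info["sent"].isoformat())
        for when, path in info["posts"]:
            print("   ", when.isoformat(), path)
```

Neither log excerpt records the login name, so the result narrows the search to a queue ID and a login time (the POST to redirect.php) that can be checked against the queued message and the IMAP server's authentication log.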