Greetings, I know this topic has been beaten to death but I'm asking for a review of some spam complaints we've received from AOL. We got a slew of these last Summer, installed the CAPTCHA plugin and killed them dead. Now we're getting them again and I just want to be sure that I'm reading right and that these are coming from our Squirrelmail install via stolen or phished passwords. We had a run of phishing attempts last week, now this week we're getting spam complaints, I'm sure the two are related. So before I start freaking out thinking something worse has happened than has, can I get someone to just double check this for me? They look like they are indeed coming off my server, but I'd appreciate a more critical eye looking at them. I read the security note on squirrelmail.org about SquirrelMail spam, and while there are some definite similarities, the differences (mainly that the server information is accurate) kind of throws me off. Should I also do something about our the CAPTCHA plugin? Even if the passwords were stolen, I'd have thought the CAPTCHA might have prevented any automated usage of the SM. Headers from AOL feedback loop below my signature. I'm using SquirrelMail 1.5.1 on Debian Etch. Thank you so very much, Rob Wright poncacity.net debianrob@xxxxxxxxxxxxx Headers from email reported by AOL: ---------------------------------------- Return-Path: <jute_okpe2005@xxxxxxxx> Received: from rly-me04.mx.aol.com (rly-me04.mail.aol.com [172.20.83.38]) by air-me05.mail.aol.com (v121.5) with ESMTP id MAILINME053-9b1487d1136163; Tue, 15 Jul 2008 17:06:29 -0400 Received: from mail.poncacity.net (mail.poncacity.net [70.254.229.3]) by rly-me04.mx.aol.com (v121.5) with ESMTP id MAILRELAYINME045-9b1487d1136163; Tue, 15 Jul 2008 17:05:58 -0400 Received: (qmail 16150 invoked by uid 33); 15 Jul 2008 21:05:58 -0000 Cc: Received: from 41.219.128.202 (SquirrelMail authenticated user djv@xxxxxxxxxxxxx) by mail.poncacity.net with HTTP; Tue, 15 Jul 2008 16:05:58 -0500 (CDT) Message-ID: <1218.41.219.128.202.1216155958.squirrel@xxxxxxxxxxxxxxxxxx> Date: Tue, 15 Jul 2008 16:05:58 -0500 (CDT) Subject: From Brother Jute From: "Jute Okpe" <jute_okpe2005@xxxxxxxx> Reply-To: jute_okpe2005@xxxxxxxx User-Agent: SquirrelMail/1.5.1 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-AOL-IP: 70.254.229.3 X-AOL-SCOLL-AUTHENTICATION: listenair ; SPF_helo : + X-AOL-SCOLL-AUTHENTICATION: listenair ; SPF_822_from : n X-Mailer: Unknown (No Version) Dear loved one in Christ, Calvary greetings in Jesus name. This letter comes far from a brother of the household of faith and I bring you good tiding from my area. Also I thank God for this technology enabling us reach each other in the far places. ----------------------------- ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
