On Sun, 30 Aug 2009 00:18:09 -0700 (PDT), Ivan S <whitebreville@xxxxxxxxx> wrote:
>Hi all,
>
>In my office we are using SM for external users to connect to our
>Exchange server. We're using SquirrelMail 1.4.9a and postfix-2.3.4. We
>have been having an issue these few days where a spammer can send email
>through this webmail using another domain to send to the internet. Below
>is the log from maillog:
>

1.4.9a is nearly 3 years old, and has known security issues. You should
upgrade.

>Aug 30 05:05:06 webmail postfix/smtpd[1470]: connect from localhost.localdomain[127.0.0.1]
>Aug 30 05:05:06 webmail postfix/smtpd[1470]: 5621323FA7: client=localhost.localdomain[127.0.0.1]
>Aug 30 05:05:06 webmail postfix/cleanup[1473]: 5621323FA7: message-id=<7a2d144cd865d8824ecac6ef0cc92afb.squirrel@mydomain>
>Aug 30 05:05:06 webmail postfix/qmgr[1155]: 5621323FA7: from=<info@xxxxxxxxx>, size=1501, nrcpt=201 (queue active)
>Aug 30 05:05:07 webmail postfix/smtpd[1470]: disconnect from localhost.localdomain[127.0.0.1]
>Aug 30 05:05:07 webmail postfix/smtp[1475]: 5621323FA7: to=<christophergilbert777@xxxxxxxxxxx>, relay=192.168.0.10[192.168.0.10]:25, delay=1.2, delays=0.77/0.21/0.02/0.17, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9FC34C8065)
>Aug 30 05:05:07 webmail postfix/smtp[1475]: 5621323FA7: to=<chris24@xxxxxxxxxxxxx>, relay=192.168.0.10[192.168.0.10]:25, delay=1.2, delays=0.77/0.21/0.02/0.17, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9FC34C8065)
>Aug 30 05:05:07 webmail postfix/smtp[1475]: 5621323FA7: to=<chris4wendy2@xxxxxxxxxxxxx>, relay=192.168.0.10[192.168.0.10]:25, delay=1.2, delays=0.77/0.21/0.02/0.17, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9FC34C8065)
>Aug 30 05:05:07 webmail postfix/smtp[1475]: 5621323FA7: to=<chris_taylor99@xxxxxxxxxxxxx>, relay=192.168.0.10[192.168.0.10]:25, delay=1.2, delays=0.77/0.21/0.02/0.17, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9FC34C8065)
>
>and so on (there were around 200 emails). I don't know whether this is
>a SquirrelMail or Postfix issue. My question is, how can someone use this
>webmail without authenticating themselves and send email to the internet?
>(Users authenticate with Active Directory.)
>

SquirrelMail doesn't allow relaying without authentication. Can you see
any IMAP logins around the same time?

--
Jonathan Angliss
<jon@xxxxxxxxxxxxxxxx>
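
To answer the IMAP-login question above you first need the exact times at which the webmail host injected the bulk messages. The following is an added example, not part of the original thread: it correlates the smtpd, cleanup and qmgr lines by queue ID and flags messages submitted from 127.0.0.1 with a SquirrelMail message-id and a large recipient count. The function name, the `max_rcpt` threshold and the sample addresses are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the maillog format quoted in the thread
# (the second message and all addresses are placeholders).
SAMPLE_LOG = """\
Aug 30 05:05:06 webmail postfix/smtpd[1470]: connect from localhost.localdomain[127.0.0.1]
Aug 30 05:05:06 webmail postfix/smtpd[1470]: 5621323FA7: client=localhost.localdomain[127.0.0.1]
Aug 30 05:05:06 webmail postfix/cleanup[1473]: 5621323FA7: message-id=<7a2d144cd865d8824ecac6ef0cc92afb.squirrel@mydomain>
Aug 30 05:05:06 webmail postfix/qmgr[1155]: 5621323FA7: from=<info@example.org>, size=1501, nrcpt=201 (queue active)
Aug 30 09:12:40 webmail postfix/smtpd[2210]: 8A1F023FB2: client=localhost.localdomain[127.0.0.1]
Aug 30 09:12:40 webmail postfix/cleanup[2213]: 8A1F023FB2: message-id=<19c0aa31.squirrel@mydomain>
Aug 30 09:12:40 webmail postfix/qmgr[1155]: 8A1F023FB2: from=<alice@mydomain>, size=2210, nrcpt=2 (queue active)
"""

# timestamp, daemon name, queue ID, remainder of the line
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)$")
FIELDS = {
    "smtpd": re.compile(r"client=\S+\[(?P<client_ip>[^\]]+)\]"),
    "cleanup": re.compile(r"message-id=<(?P<message_id>[^>]*)>"),
    "qmgr": re.compile(r"from=<(?P<sender>[^>]*)>, size=\d+, nrcpt=(?P<nrcpt>\d+)"),
}

def find_webmail_bulk(log_text, max_rcpt=50):
    """Return messages injected via SquirrelMail on localhost with nrcpt > max_rcpt."""
    msgs = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # connect/disconnect lines carry no queue ID
        when, daemon, qid, rest = m.groups()
        pattern = FIELDS.get(daemon)
        hit = pattern.search(rest) if pattern else None
        if hit:
            msgs[qid].update(hit.groupdict())
            msgs[qid].setdefault("first_seen", when)
    flagged = []
    for qid, info in msgs.items():
        via_webmail = (info.get("client_ip") == "127.0.0.1"
                       and ".squirrel@" in info.get("message_id", ""))
        if via_webmail and int(info.get("nrcpt", 0)) > max_rcpt:
            flagged.append({"queue_id": qid, **info})
    return flagged

if __name__ == "__main__":
    for hit in find_webmail_bulk(SAMPLE_LOG):
        print(hit["first_seen"], hit["queue_id"], hit["sender"], "nrcpt=" + hit["nrcpt"])
```

The `first_seen` value of each flagged entry is the time to look for in the IMAP server's login log, since SquirrelMail sends only on behalf of a logged-in IMAP session.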