Dear All,
I Have the following setup running for a couple of years without any problem.
Centos 5
sendmail-8.13.8-2.el5
httpd-2.2.3-11.el5_1
squirrelmail-1.4.17
MailScanner 4.76.25
Mailwatch 1.04
Just yesterday I found a huge spam being originated from my Mail Server
and my mqueue had over 800 emails
here is some infomation I got from mailwatch
----
Received: from webmail.baladia.gov.kw (kmdns1.kmun.gov.kw [xx.xx.xx.xx])
by kmdns1.kmun.gov.kw (8.13.8/8.13.8) with ESMTP id o1CIKBGo015425;
Fri, 12 Feb 2010 21:20:11 +0300
Received: from 41.138.178.41
(SquirrelMail authenticated user kkharafi)
by webmail.baladia.gov.kw with HTTP;
Fri, 12 Feb 2010 21:21:56 +0300 (AST)
Message-ID:
<60fa0f24708364e202bfa32c4a41083a.squirrel@xxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 12 Feb 2010 21:21:56 +0300 (AST)
Subject: BUSINESS PROPOSAL !
From: "SGT. HENRY PETER" <sgthenrypeter1111@xxxxxxxxxxxx>
Reply-To: sgthenrypeter4@xxxxxxxxxxxx
User-Agent: SquirrelMail/1.4.17
MIME-Version: 1.0
Content-Type: text/plain;charset=windows1256
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
From: sgthenrypeter1111@xxxxxxxxxxxx [Add to Whitelist | Add to Blacklist]
To: emitchell@xxxxxxxx
corey@xxxxxxxx
chris.garcia@xxxxxxxxxxxxxxx
donnae@xxxxxxxxxxxxx
dkay@xxxxxxxxxxxxxxxxxxxxxxx
capric77@xxxxxxxxxx
ellen.richard@xxxxxxxxxxxxx
contact@xxxxxxxx
dawn.miller@xxxxxxxxxxxxxxxxxxx
hardwood@xxxxxxxxx
chipper@xxxxxxxxx
gene@xxxxxxxxxxxxxx
broberts@xxxxxxxxxx
boyanzhu@xxxxxxxx
cristinamercado@xxxxxxxxxx
ftortorice@xxxxxxxxxxx
dashby@xxxxxxxxxxxxxxxxxx
goffin@xxxxxxxxxxxxxx
gfinn@xxxxxxxx
dsaxon@xxxxxxxxxxxxxxx
dianm@xxxxxxxxxx
czucal@xxxxxxxxxxxxx
diamante@xxxxxxxxxxxxx
gladys@xxxxxxxxxxxxx
caroline@xxxxxxxxxxxxxxxxxxxxxxxxx
donna.barlow@xxxxxxxxxxxxxxx
gcalabrese@xxxxxxxxxx
fstrobel@xxxxxxxxxxxxxx
------------------------------------------------
(SquirrelMail authenticated user kkharafi)
by webmail.baladia.gov.kw with HTTP;
Fri, 12 Feb 2010 21:21:56 +0300 (AST)
please note that kkharafi is my local mail user
I have about 200 mail users and all the users have a shell as nologin as a
additional security
----------------
On further investigations i found about 10 users whos Folders==> Personal
Information has been modified .
here i just paste the .pref file of one user
show_html_default=0
javascript_on=1
hililist=a:0:{}
archivefilenames=6
archiveattachments=1
archivetype=0
archiveent=1
spamcop_method=web_form
todo_first_login=0
email_address=kkharafi@xxxxxxxxxxx
identities=3
full_name1=Oceanic Bank Nigeria Plc
email_address1=info@xxxxxxx
reply_to1=atmcard.dept01@xxxxxxxxxxxx
full_name2=SGT. HENRY PETER
email_address2=sgthenrypeter1111@xxxxxxxxxxxx
reply_to2=sgthenrypeter4@xxxxxxxxxxxx
--------
no all the 10 users have personal information under folders being changed
with different information
I have just changed the password of my local user kkharafi and will wait
to see any instance of spam again.
I do can understand if one user had his password being cracked or probably
a virus on his PC could have changed his personal information squirrel
mail.
But its about 10 different local email users who had their personal
Information being changed in squirrel mail
so im confused and wondering how it could happen
I do apprecite if someone could help me out and advice me as to what could
be done so as to avoid such issues.
I really apprecite and wait your helpful reply
regards
simon
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
------------------------------------------------------------------------------
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
http://p.sf.net/sfu/solaris-dev2dev
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
