Jerry, Some quick hints: Security Issue: A) stay more up to date on squirrelmail packages. That package has known exploits. B) use randomly generated passwords. For example, this site came up from a quick Google search: http://www.thebitmill.com/tools/password.html Auth Warning: C) To allow the apache user to send emails using -f (essentially forging the name) without a warning, add this to your sendmail.mc and compile the cf. define(`confTRUSTED_USERS', `apache') dnl There is also a way to use a file called /etc/mail/trusted-users for example that can contain trusted users depending on your installation. Regards, KAM On 3/11/2010 7:24 AM, Jerry Mersel wrote: > I am using squirrelmail 1.4.17 > I have a user whose password was compromised in some way and the > squirrelmail > server started sending out spam email every second or so. (using > sendmail). > I also got in the logs this warning - > Authentication-Warning: machinename: apache set sender to some name > using -f. > > Can you recommend a way to prevent a recurrence of this. > > With Blessings > and Best regards, > > Jerry > 2363 ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
