In trying to track down what account was being used to send spam via squirrelmail all I had was lines like this from /var/log/maillog Feb 27 18:12:15 mail sendmail[9844]: p1RNC9TS009844: from=<johngalvan@xxxxxxxxxxxxxxxxxxx>, size=1087, class=0, nrcpts=1, msgid=<4469.120.140.74.254.1298645519.squirrel@xxxxxxxxxxxxxxxxxxxxxxxx>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1] Feb 27 18:12:15 mail sendmail[9844]: p1RNC9TS009844: to=<xxxxxx@xxxxxxxxxx>, delay=00:00:06, mailer=relay, pri=31087, stat=queued johngalvan is not a user on our system. SO it was faked. Is there now way from the msgid to figure out what logged in squirrelmail user sent this? Eventually I was able to get an example of an actual spam message so I could see the full headers which shows the authorized squirrelmail user, but that took a long time to track down and meanwhile spam was still going out. Is there some plugin that would log information for auditing this kind of thing better? I was supprised to find there is no log at all for squirrelmail by default that tracks logins or mail sent. Can anyone recommend one? Thanks -- --------------------------------------------------------------- Paul Raines email: raines at nmr.mgh.harvard.edu MGH/MIT/HMS Athinoula A. Martinos Center for Biomedical Imaging 149 (2301) 13th Street Charlestown, MA 02129 USA The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail. ------------------------------------------------------------------------------ Free Software Download: Index, Search & Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
