On Mon, 7 Apr 2014, difuntos wrote: > Hello, im having a security issue in my squirrelmail server : > > Some spammers are sending spam from my server (it?s also my SMTP server). > > I have configured sendmail exactly the same as others servers that do not > have this problems, so im guessing it?s a squirrelmail bug. Here is an > example of one log entry : > > from=<yeboahc@xxxxxxxxxxxxx>, size=2960, class=0, nrcpts=10, > msgid=<*30c754cff9a4db493366099b63d1b282.squirrel@xxxxxxxxxxxxxxx*>, > proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1] > Apr 7 14:30:03 webmail sm-msp-queue[377]: s379p679023635: > to=bob.girardi@xxxxxxxxx,bob.thompson107@xxxxxxxxx,bob1213@xxxxxxx,bob17012003@xxxxxxxxx,bob20f4@xxxxxxx,bob2rip32@xxxxxxxxxxxxxx,bob3@xxxxxxxxxxxx,bob420skater@xxxxxxxxx,bob8883641@xxxxxxx,bob@xxxxxxxxxxxxxxxxxx, > delay=07:38:57, xdelay=00:00:01, mailer=relay, pri=3725072, > relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (s37HLD9P000379 Message > accepted for delivery) > > The message id says squirrel@mydomain... > > Anyone can help me with this please????? > > Thank you very much and sorry for my terrible english.... > > > > > difuntos, This is a fairly common occurence that anyone who has run a webmail server for any length of time has probably seen before. All it takes is for one user to have their password compromised and the spammers can login to the squirrelmail server, change the "from" address to anything they like, and start sending out their spam from your server. You will need to login to that server and find out which accounts are compromised and change the passwords on those accounts. Your httpd logs might be able to help. Installing and activating the Squirrel Logger plugin may be able to help you as well. http://squirrelmail.org/plugin_view.php?id=52 Ted Hatfield. ------------------------------------------------------------------------------ Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
