Hi Robert,
The information I got from the logs tells me that the spam mail was sent manually by copying several hundreds of e-mail addresses to the bcc field.
I think it's very hard to use RoundCube for automatic/scripted spam sending because you need to have a valid session which is checked by a cookie and the session hash within the URL. After sending a message, you have to reload the compose page to get a new "sending session". Of course one could write a script doing right that but it would be very complicated and you could also write it for GMX or Hotmail accounts.
I planned to add some spam-protection functions such as a limit for recipients and checking the time since the last message was sent.
Regards, Thomas
Robert Copelan wrote:
Thomas, Was the demo site being used to manually send spam mail or was it being used by an automatic program? If an automatic program, are there steps we should take with our existing installations to reduce the possiblity of spam?
Regards/MfG,
Robert