It's probably because your server is on the internet and open for relay (not a roundcube problem)...if you haven't locked it down others may be using it to send spam among other things.
If you want to check for open relay try this http://www.checkor.com/
or email me directly and maybe I can help...you may also want to check to see if you have been blacklisted...if someone keeps using your server then you may get blacklisted soon. check for blacklisting here:
http://www.mail-abuse.com/cgi-bin/lookup
From: Nipun Jain [mailto:jain.nipun@gmail.com] Sent: 05 April 2006 17:15 To: users@lists.roundcube.net Subject: Spoofed Mails
I am facing a problem of email spoofing with my webmail (running on roundcube).
Some unscruplous person(s) using my webmail has set their reply to address as info@mydomain.com and / or administrator@mydomain.com in their identity and is / are using that identity to send email to other people on their webmail account at mydomain.com. Now the recipient gets fooled by this spoofed mail as roundcube (and maybe other web based email) displays the sender as the spoofed email id ( ie. info@mydomain.com or administrator@mydomain.com) and not the actual email id used to send the email. I myself have received a couple of such mails and was perplexed to see to get an email from administrator@mydomain.com as I am the admin, and my email is admin@mydomain.com (administrator@mydomain.com does not exist). I tried to figure out the actual email id by reading the email headers but it didnt show the actual email id, only showed the spoofed email id as administrator@mydomain.com (or info@mydomain.com).
Now is this supposed to work this way? I mean setting the reply to field to any email address in roundcube enables one to spoof the sender's email id? Is there any way to disable the "Reply To" field in roundcube so that users are unable to send spoofed mails?
Scanned by the MessageLabs Email Security System provided by Conosco. http://www.conosco.com ______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________