Hi.
Im detecting that in my roundcube logs:
[21-May-2009 08:37:54 -0500]: User valid.user@localhost [75.126.32.187]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok: queued as C8E55A4844B [21-May-2009 08:39:57 -0500]: User valid.user@localhost [75.126.32.187]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok: queued as 6E164A4844B [21-May-2009 08:41:50 -0500]: User valid.user@localhost [75.126.32.187]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok: queued as 10310A48445 [21-May-2009 08:43:28 -0500]: User valid.user@localhost [75.126.32.187]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok: queued as 5802DA4844B [21-May-2009 08:45:13 -0500]: User valid.user@localhost [75.126.32.187]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok: queued as 116F8A4844D [21-May-2009 08:46:57 -0500]: User valid.user@localhost [75.126.32.187]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok: queued as DCCA5A4844D [21-May-2009 08:47:57 -0500]: User valid.user@localhost [75.126.32.187]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok: queued as B4C10A4844C
All that are spam.
I only permit send my using auth, but this problem is very recurrent. How can i prevent that?
Im using Roundcube v0.2.2
thanks _______________________________________________ List info: http://lists.roundcube.net/users/
On May 21, 2009, at 9:35 AM, kazabe wrote:
Hi.
Im detecting that in my roundcube logs:
[Snip]
All that are spam.
I only permit send my using auth, but this problem is very recurrent. How can i prevent that?
Im using Roundcube v0.2.2
thanks
Change the password of the affected user to something stronger. The
account has been compromised.
--
Josh Whitver
_______________________________________________
List info: http://lists.roundcube.net/users/
kazabe wrote:
Hi.
Im detecting that in my roundcube logs:
[...]
All that are spam.
I only permit send my using auth, but this problem is very recurrent. How can i prevent that?
Actually a valid session is required to send mails from RoundCube.
Maybe you can get the according requests (and referers) from your access log. Just compare time stamps to find the right ones. This might give you/us an idea how this could happen.
One possibility is some session take-over by from a currently logged in user.
~Thomas _______________________________________________ List info: http://lists.roundcube.net/users/