On Wed, Jul 2, 2008 at 3:39 AM, Michel <[EMAIL PROTECTED]> wrote: > >> On Tue, Jul 1, 2008 at 7:39 PM, Res <[EMAIL PROTECTED]> wrote: >>> On Tue, 24 Jun 2008, Brant Wells wrote: >>> >>>> Hi All, >>>> >>>> I have recently noticed a steady stream of email leaving my server that >>>> appears >>>> to be from >>>> my Squirrel Mail users. I upgraded from 1.4.10 to 1.4.15 in an effort to >>>> fix >>>> the issue. It >>>> went away for a couple of days, but is back now. >>> >>> I wont go over what others have said about it not being an MTA etc, as its >> >> <snip> >> >> And, as always, there are plugins that can help you identify when you >> have an account on your server that has been compromised and is being >> used to send spam. The best tools for this are your own server logs, >> possibly augmented by the "Squirrel Logger" plugin, but if you could >> also check out the "Restrict Senders" plugin and if you are trying to >> be proactive against password attacks, etc., you can try the "CAPTCHA" >> and "Lockout" plugins too. > > even if you are right it does not help so much since the MTA should be > configured > to mail correctly so it does not matter if some else use the account because > the > spam origin comes back in first place to the relaying mta not to the user
You already made your point. I am pointing out other tools that can be used to identify problems like compromised accounts. > so it does not matter if you have users trying to send spam or not so long as > your > mta is "vacinated" against such attemps - so doen't matter if it is a > legitimate > user or not. I mean you try bringing the cow down with it's tail when trying > to > fight passwd attempts, on mta level you get it by it's horns The README files of the necessary plugins already note that better solutions exist at the MTA level. It is NOT a bad thing to apply rules to the SM login page to reduce password guessing attacks, etc. > I guess most attempts faking sm origin are not coming from the sm instalation > itself but they are faked by relay attempts so with proper relay protection > of your > MTA all this goes away Stop already. There IS in fact such thing as a compromised SM account being used to send spam. You make it sound like this can never happen. Wrong. > a good and easy protection is the greeting relay in first place and rate > limit in > second and then recepient limit count as third and so most spam/relay > attempts are > gone then Sure, of course. ------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08 ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
