Sounds like you have a larger problem than you think. The only way they can log onto an account is to know the password. There are only 4 ways that they would know the password:
1) Brute Force on the account in question. Highly unlikely in this case if it is happening to so many accounts. 2) The accounts in question have the same password or very weak passwords like in the top 25 of known passwords. 3) They have access to an admin account and are changing passwords. 4) Your server itself is compromised and they are obtaining the passwords from the registry. If you do not have logs enabled, might as well pack your bags. You will need the logs to determine what is going on, where they are logging on from, and how to stop it. -----Original Message----- From: "Daniel Ivey" <[email protected]> Sent: Sunday, July 20, 2014 5:22am To: [email protected] Subject: [MBF] Re: hijacked accounts I am running Imail 8.22 on Windows Server 2003. These are different accounts each time, as once I identify one account, I disable that account to fix the issue for the time being. I do not have my logs enabled. Daniel -----Original Message----- From: Heimir Eidskrem [mailto:[email protected]] Sent: Friday, July 18, 2014 5:06 PM To: [email protected] Subject: [MBF] Re: hijacked accounts Are you using smartermail or Imail? Version? Are they using the same account every time? What does your log files say? Cordially, Heimir Eidskrem i360 Consulting 11152 Westheimer Suite 147 Houston, TX 77042 Ph: 713-981-4900 [email protected] www.i360.net www.smart-it-services.com Houston's Leading Internet Consulting Company -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Daniel Ivey Sent: Friday, July 18, 2014 3:42 PM To: [email protected] Subject: [MBF] hijacked accounts I am having an issue with one of my mail servers where a SPAMMER is hijacking an email account and then is causing my webmail interface to quit working because they are logged in X number of times sending SPAM. I have HiJack turned on and the thresholds set very low and these SPAMMERS keep getting under my thresholds. Has anyone else had this issue and if so, what was the fix? Thanks, Daniel ############################################################# This message is sent to you because you are subscribed to the mailing list <[email protected]>. To unsubscribe, E-mail to: <[email protected]> To switch to the DIGEST mode, E-mail to <[email protected]> To switch to the INDEX mode, E-mail to <[email protected]> Send administrative queries to <[email protected]> ############################################################# This message is sent to you because you are subscribed to the mailing list <[email protected]>. To unsubscribe, E-mail to: <[email protected]> To switch to the DIGEST mode, E-mail to <[email protected]> To switch to the INDEX mode, E-mail to <[email protected]> Send administrative queries to <[email protected]> ############################################################# This message is sent to you because you are subscribed to the mailing list <[email protected]>. To unsubscribe, E-mail to: <[email protected]> To switch to the DIGEST mode, E-mail to <[email protected]> To switch to the INDEX mode, E-mail to <[email protected]> Send administrative queries to <[email protected]> ############################################################# This message is sent to you because you are subscribed to the mailing list <[email protected]>. To unsubscribe, E-mail to: <[email protected]> To switch to the DIGEST mode, E-mail to <[email protected]> To switch to the INDEX mode, E-mail to <[email protected]> Send administrative queries to <[email protected]>
