Citeren Götz Reinicke - IT-Koordinator <goetz.reini...@filmakademie.de>:
My questions: What is the best way to find the leak? What may I configure in horde/imp/apache/php ... to make it harder to be compromised?
If you're using SMTP AUTH for sending mail, the mailserver might have logged the userid that has been used to send these messages.
This is the first time in 10 years ... so far our setup was not that bad.
Consider the possibility that this isn't a bug in Horde, but that one of your user accounts has been compromised. There is virtually nothing you as an administrator can do to prevent that users are careless with their credentials.
The only thing you can do to limit the impact, is to setup quotas on the number of messages a user can sent per hour/day/week. Since you have received over 7000 bounces, chances are that you don't use this right now (which is highly recommended).
Best regards, Arjen -- IMP mailing list Frequently Asked Questions: http://horde.org/faq/ To unsubscribe, mail: imp-unsubscr...@lists.horde.org
