I guess I misstated what I am trying to figure out. I think some users
responded with their usernames and passwords, and now those users are being used
to send out spam. I am trying to figure out which users are actually
compromised (who is sending out messages the most). With 1000 plus users it is
not going to be easy to just change all of their passwords. I think this is
being done via SquirrelMail but I cannot be sure. Any ideas to see what
user is sending out the most mail?

Thanks
q



-----Original Message-----
From: news on behalf of Eric Shubert
Sent: Sat 9/27/2008 2:18 PM
To: qmailtoaster-list@qmailtoaster.com
Subject:  Re: [qmailtoaster] spam user
 
Kyle Quillen wrote:
> 
> Hey all,
> 
> I think I have a bit of an issue. It seems as though a few of my users
> became subject to a phishing attack that was asking for their usernames
> and passwords.  How can I go about figuring out who is actually sending
> the mail out?

Look at the message header, or find the entries in the smtp log that
correspond to the message.

> I have checked the ISOQLog but that does not really throw
> any flags to me.  Any thoughts on this?

What are you going to do if/when you find out where they came from?
Blacklisting the IP will do little good. You might look into the
SaneSecurity for clamav extension. (See QMT-ISO manual).

FWIW, I think that Sam will be adding DKIM checking to spamdyke in a future
release. This should help greatly to eliminate phishing. Don't hold your
breath, but he might be giving it a high priority for enhancements.

> Thanks
> Q
> 

-- 
-Eric 'shubes'


---------------------------------------------------------------------
     QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
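
One way to answer the question of which account sends the most mail, as an added example that is not part of the original thread: it counts remote deliveries per envelope sender in the qmail-send log. It assumes raw, tai64n-stamped qmail-send log lines and that the envelope sender reflects the account used; the function names, sample lines and addresses are constructed.

```shell
#!/bin/sh
# Constructed sample of qmail-send log lines (timestamps, ids and addresses are made up).
sample_log() {
cat <<'EOF'
@4000000048de9a1c00000001 new msg 1001
@4000000048de9a1c00000002 info msg 1001: bytes 2048 from <alice@example.com> qp 2211 uid 89
@4000000048de9a1c00000003 starting delivery 1: msg 1001 to remote friend@example.net
@4000000048de9a1d00000001 end msg 1001
@4000000048de9a1e00000001 new msg 1001
@4000000048de9a1e00000002 info msg 1001: bytes 900 from <bob@example.com> qp 2215 uid 89
@4000000048de9a1e00000003 starting delivery 2: msg 1001 to remote a@example.org
@4000000048de9a1e00000004 starting delivery 3: msg 1001 to remote b@example.org
@4000000048de9a1e00000005 starting delivery 4: msg 1001 to remote c@example.org
@4000000048de9a1f00000001 end msg 1001
@4000000048de9a2000000001 new msg 1002
@4000000048de9a2000000002 info msg 1002: bytes 700 from <carol@example.com> qp 2219 uid 89
@4000000048de9a2000000003 starting delivery 5: msg 1002 to local example.com-dave@example.com
@4000000048de9a2100000001 new msg 1003
@4000000048de9a2100000002 info msg 1003: bytes 910 from <bob@example.com> qp 2223 uid 89
@4000000048de9a2100000003 starting delivery 6: msg 1003 to remote d@example.org
@4000000048de9a2100000004 starting delivery 7: msg 1003 to remote e@example.org
EOF
}

# Reads qmail-send log lines on stdin and prints "<remote deliveries> <envelope sender>",
# busiest sender first. Local deliveries are ignored because spam runs go outbound.
remote_by_sender() {
  awk '
    # "info msg N: bytes B from <sender> qp Q uid U" ties queue id N to its envelope sender.
    $2 == "info" && $3 == "msg" {
      id = $4; sub(/:$/, "", id)
      s = $8; gsub(/[<>]/, "", s)
      sender[id] = (s == "" ? "(bounce)" : s)    # empty sender means a bounce message
    }
    # "starting delivery D: msg N to remote rcpt" is one outbound delivery attempt.
    $2 == "starting" && $8 == "remote" {
      who = ($6 in sender) ? sender[$6] : "(unknown)"   # info line rotated out of this log
      count[who]++
    }
    # "end msg N": queue ids are reused, so forget the mapping once the message is done.
    $2 == "end" && $3 == "msg" { delete sender[$4] }
    END { for (s in count) print count[s], s }
  ' | sort -k1,1nr -k2,2
}

sample_log | remote_by_sender
```

On a live system, pipe the qmail-send log files into `remote_by_sender` instead of the sample. A sender near the top with far more remote deliveries than its peers is the account to check first against the smtp log and message headers mentioned above.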

