Am 24.05.11 21:40, schrieb Andrew Morgan: > On Tue, 24 May 2011, Götz Reinicke - IT-Koordinator wrote: <...>
> One thing I forgot to mention about identifying compromised accounts - > the spammers like to put the content of their message (the spam) into > the user's signature block. That simplifies the creation and sending of > the spam because IMP will automatically include the signature block in > any message. You could search your preferences backend (MySQL or > whatever) for the signature preference, possibly qualifying your search > by looking for strings longer/larger than a certain amount. > > You'll also see the reply-to and identity preferences are frequently > changed by spammers. > > Once you see the preferences of a compromised account, you'll know what > to look for in the future. It's very obvious. > > Andy 100*100 Kowtow ! searching the horde db for some message strings revealed one account.... :-) THANKS A LOT TO ALL SUGGESTIONS!!!!!!!!! :-D Best regards . back to normal . Götz -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia Hübner Geschäftsführer: Prof. Thomas Schadt
smime.p7s
Description: S/MIME Cryptographic Signature
-- IMP mailing list Frequently Asked Questions: http://horde.org/faq/ To unsubscribe, mail: imp-unsubscr...@lists.horde.org