On Sun, 30 Aug 2009 00:18:09 -0700 (PDT), Ivan S <[email protected]> wrote:
>Hi all,
>
>In my office we are using SM for external user to connect to our
>exchange server. We're using squirrelmail 1.4.9a and postfix-2.3.4. We
>are having issue these few days where spammer can send email through
>this webmail using other domain to send to internet. Below is the log
>from maillog:
>

1.4.9a is nearly 3 years old, and has known security issues. You should
upgrade.

>Aug 30 05:05:06 webmail postfix/smtpd[1470]: connect from localhost.localdomain[127.0.0.1]
>Aug 30 05:05:06 webmail postfix/smtpd[1470]: 5621323FA7: client=localhost.localdomain[127.0.0.1]
>Aug 30 05:05:06 webmail postfix/cleanup[1473]: 5621323FA7: message-id=<7a2d144cd865d8824ecac6ef0cc92afb.squir...@mydomain>
>Aug 30 05:05:06 webmail postfix/qmgr[1155]: 5621323FA7: from=<[email protected]>, size=1501, nrcpt=201 (queue active)
>Aug 30 05:05:07 webmail postfix/smtpd[1470]: disconnect from localhost.localdomain[127.0.0.1]
>Aug 30 05:05:07 webmail postfix/smtp[1475]: 5621323FA7: to=<[email protected]>, relay=192.168.0.10[192.168.0.10]:25, delay=1.2, delays=0.77/0.21/0.02/0.17, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9FC34C8065)
>Aug 30 05:05:07 webmail postfix/smtp[1475]: 5621323FA7: to=<[email protected]>, relay=192.168.0.10[192.168.0.10]:25, delay=1.2, delays=0.77/0.21/0.02/0.17, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9FC34C8065)
>Aug 30 05:05:07 webmail postfix/smtp[1475]: 5621323FA7: to=<[email protected]>, relay=192.168.0.10[192.168.0.10]:25, delay=1.2, delays=0.77/0.21/0.02/0.17, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9FC34C8065)
>Aug 30 05:05:07 webmail postfix/smtp[1475]: 5621323FA7: to=<[email protected]>, relay=192.168.0.10[192.168.0.10]:25, delay=1.2, delays=0.77/0.21/0.02/0.17, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9FC34C8065)
>
>and so on (there were around 200 email). I don't know whether this is
>squirrelmail or postfix issue. My question is, how come someone use this
>webmail without authenticate their self and sending email to internet?
>(users authenticate with active directory)
>

SquirrelMail doesn't allow relaying without authentication. Can you see any
IMAP logins around the same time?

-- 
Jonathan Angliss
<[email protected]>

-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [email protected]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
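
A log check that follows from the exchange above, as an added example that is not part of the original thread: it pairs each Postfix queue ID's smtpd `client=` line with its qmgr `from=`/`nrcpt=` line and reports messages handed in over loopback (as the webmail submissions in the excerpt are) that are bulk or use a non-local sender domain. The sample log, the `example.*` addresses, the local-domain set and the 50-recipient threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the maillog excerpt quoted in the thread.
SAMPLE_LOG = """\
Aug 30 05:05:06 webmail postfix/smtpd[1470]: connect from localhost.localdomain[127.0.0.1]
Aug 30 05:05:06 webmail postfix/smtpd[1470]: 5621323FA7: client=localhost.localdomain[127.0.0.1]
Aug 30 05:05:06 webmail postfix/qmgr[1155]: 5621323FA7: from=<sender@example.org>, size=1501, nrcpt=201 (queue active)
Aug 30 05:07:11 webmail postfix/smtpd[1480]: 6A11B23FB0: client=localhost.localdomain[127.0.0.1]
Aug 30 05:07:11 webmail postfix/qmgr[1155]: 6A11B23FB0: from=<user@example.com>, size=912, nrcpt=2 (queue active)
Aug 30 05:09:40 webmail postfix/smtpd[1490]: 7C22D23FC1: client=mx.example.net[192.0.2.25]
Aug 30 05:09:40 webmail postfix/qmgr[1155]: 7C22D23FC1: from=<list@example.net>, size=4096, nrcpt=150 (queue active)
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ postfix/(?P<svc>\w+)\[\d+\]: "
                  r"(?P<qid>[0-9A-F]+): (?P<rest>.*)$")
CLIENT = re.compile(r"client=\S*\[(?P<ip>[^\]]+)\]")
QMGR = re.compile(r"from=<(?P<sender>[^>]*)>, size=\d+, nrcpt=(?P<nrcpt>\d+)")
LOOPBACK = {"127.0.0.1", "::1"}

def find_webmail_abuse(log_text, local_domains, max_rcpt=50):
    """Return loopback-submitted messages that are bulk or use a foreign sender domain."""
    msgs = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # lines without a queue ID (connect/disconnect) carry nothing to join on
        rec = msgs[m["qid"]]
        c, q = CLIENT.search(m["rest"]), QMGR.search(m["rest"])
        if m["svc"] == "smtpd" and c:
            rec.update(time=m["ts"], ip=c["ip"])
        elif m["svc"] == "qmgr" and q:
            rec.update(sender=q["sender"], nrcpt=int(q["nrcpt"]))
    findings = []
    for qid, rec in msgs.items():
        if rec.get("ip") not in LOOPBACK or "nrcpt" not in rec:
            continue  # not a local (webmail) submission, or incomplete record
        reasons = []
        if rec["nrcpt"] > max_rcpt:
            reasons.append("bulk")
        if rec["sender"].rpartition("@")[2].lower() not in local_domains:
            reasons.append("foreign-sender")
        if reasons:
            findings.append({"qid": qid, "time": rec["time"], "sender": rec["sender"],
                             "nrcpt": rec["nrcpt"], "reasons": reasons})
    return findings

if __name__ == "__main__":
    for hit in find_webmail_abuse(SAMPLE_LOG, {"example.com"}):
        print(hit)
```

The `time` of each finding is the window in which to look for the IMAP logins asked about in the reply.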
