On Tue, Dec 15, 2009 at 12:55:00PM +0530, Rajkumar S wrote: > Hi, > > Occasionally I receive mail from compromised web mails asking user > name and password from my users. The source IPs are usually clean (as > they are legitimate mail servers) and do not catch any ip based rules. > Usually one or two mail accounts are used to pump mails via web mail > after authentication. > > I have pasted one such (slightly edited) mail at http://pastebin.ca/1715399 > > It is interesting to note that the victim was using Barracuda anti > spam appliance which also failed to catch this spam. Any ideas to > tackle such spam is very much welcome. > > with regards, > > raj
Seeing the same thing here. We are trying to remove the scrit spurce but it is disguised. Just a matter of time to pin the source. -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! http://twitter.com/rootnl2k http://www.myspace.com/502748630 Merry Christmas 2009 and Happy New Year 2010