[imp] Tracking a webmail user

Paul Stewart paul at paulstewart.org
Thu Mar 25 20:30:40 UTC 2010


Hi there.

 

New to the list and apologize in advance if this is something I missed when
hunting around.  We do quite a bit of webhosting and run the Plesk platform
which in turn runs the IMP webmail system.

 

We're having a problem where on a very busy server one of the accounts for a
customer domain has been "hijacked".  Someone has gotten their username and
password.

 

The problem is that tailing the maillog is nearly impossible and if I tail
the access_log it shows the accesses and the remote IP address (somewhere in
Europe).  Neither of these show us the user account in use. The header of
the actual message doesn't include the username hidden anywhere neither.

 

Is there an easy way to track down the account in question?

 

Appreciate your time,

 

Paul

 

 

 



More information about the imp mailing list