[imp] Tracking a webmail user
Jose-Marcio Martins da Cruz
Jose-Marcio.Martins at ensmp.fr
Thu Mar 25 21:44:57 UTC 2010
Paul Stewart wrote:
> Hi there.
>
> New to the list and apologize in advance if this is something I missed when
> hunting around. We do quite a bit of webhosting and run the Plesk platform
> which in turn runs the IMP webmail system.
>
> We're having a problem where on a very busy server one of the accounts for a
> customer domain has been "hijacked". Someone has gotten their username and
> password.
>
> The problem is that tailing the maillog is nearly impossible and if I tail
> the access_log it shows the accesses and the remote IP address (somewhere in
> Europe). Neither of these show us the user account in use. The header of
> the actual message doesn't include the username hidden anywhere either.
>
> Is there an easy way to track down the account in question?
Maybe a look in the queue contents...

One hint for next time: add this to the imp/config/header.php file.
It will add a header with the user ID and the remote host.

/* Add your custom entries below this line. */
$xheader = sprintf(_("User=%s; Remote=%s; Server=%s"),
                   Auth::getAuth(),
                   $_SERVER['REMOTE_ADDR'],
                   $_SERVER['HTTP_HOST']);
$_header['X-Webmail'] = $xheader;

--
---------------------------------------------------------------
Jose Marcio MARTINS DA CRUZ http://j-chkmail.ensmp.fr
Ecole des Mines de Paris
60, bd Saint Michel 75272 - PARIS CEDEX 06
mailto:Jose-Marcio.Martins at mines-paristech.fr
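
Once the X-Webmail header from the reply above is in place, queued or archived messages can be mapped back to the account that sent them. The following is an added example, not part of the original post: it assumes the header value keeps the "User=...; Remote=...; Server=..." layout shown above, and the function names, addresses and sample messages are constructed for illustration.

```python
import re
from collections import defaultdict
from email import message_from_string

# Layout written by the header.php snippet: User=...; Remote=...; Server=...
XWEBMAIL = re.compile(
    r"User=(?P<user>[^;]*);\s*Remote=(?P<remote>[^;]*);\s*Server=(?P<server>.*)")

def parse_xwebmail(raw_message):
    """Return (user, remote, server) from the X-Webmail header, or None."""
    value = message_from_string(raw_message).get("X-Webmail")
    if value is None:
        return None
    # Collapse folded (multi-line) header values before matching.
    m = XWEBMAIL.search(" ".join(value.split()))
    if not m:
        return None
    return tuple(m.group(k).strip() for k in ("user", "remote", "server"))

def senders_by_remote(raw_messages):
    """Map remote IP -> {user: message count} over a set of raw messages."""
    table = defaultdict(lambda: defaultdict(int))
    for raw in raw_messages:
        parsed = parse_xwebmail(raw)
        if parsed:
            user, remote, _server = parsed
            table[remote][user] += 1
    return {ip: dict(users) for ip, users in table.items()}

def accounts_for_ip(raw_messages, ip):
    """Accounts that sent mail from the IP seen in access_log."""
    return sorted(senders_by_remote(raw_messages).get(ip, {}))

def _sample(user, remote):
    # Constructed message; the header is folded to exercise the unfolding step.
    return ("From: %s\nSubject: test\n"
            "X-Webmail: User=%s; Remote=%s;\n Server=webmail.example.com\n"
            "\nbody\n" % (user, user, remote))

# Constructed sample data (documentation address ranges, example.com users).
SAMPLE = [_sample("alice@example.com", "192.0.2.10"),
          _sample("bob@example.com", "198.51.100.7"),
          _sample("bob@example.com", "198.51.100.7"),
          "From: x@example.com\nSubject: no header\n\nbody\n"]

if __name__ == "__main__":
    print(accounts_for_ip(SAMPLE, "198.51.100.7"))
```

Only rely on the header for messages submitted through your own webmail server, since any outside sender can put an X-Webmail line in mail they generate themselves.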