[imp] Tracking a webmail user

Michael Menge michael.menge at zdv.uni-tuebingen.de
Fri Mar 26 08:01:44 UTC 2010


Quoting Paul Stewart <paul at paulstewart.org>:

> Hi there.
>
>
>
> New to the list and apologize in advance if this is something I missed when
> hunting around.  We do quite a bit of webhosting and run the Plesk platform
> which in turn runs the IMP webmail system.
>
>
>
> We're having a problem where on a very busy server one of the accounts for a
> customer domain has been "hijacked".  Someone has gotten their username and
> password.
>
>
>
> The problem is that tailing the maillog is nearly impossible and if I tail
> the access_log it shows the accesses and the remote IP address (somewhere in
> Europe).  Neither of these show us the user account in use. The header of
> the actual message doesn't include the username hidden anywhere neither.
>
>
>
> Is there an easy way to track down the account in question?
>

In recent versions Imp (4.2) is able to Log the account and recipient
adresses. You can also limit the number of recipients per mail and
time to limit the abuse.



--------------------------------------------------------------------------------
M.Menge                                Tel.: (49) 7071/29-70316
Universität Tübingen                   Fax.: (49) 7071/29-5912
Zentrum für Datenverarbeitung          mail:  
michael.menge at zdv.uni-tuebingen.de
Wächterstraße 76
72074 Tübingen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5339 bytes
Desc: S/MIME Signatur
URL: <http://lists.horde.org/archives/imp/attachments/20100326/a64ab6c5/attachment-0001.bin>


More information about the imp mailing list