[imp] May be our horde installation was used for spam
Arjen de Korte
arjen+horde at de-korte.org
Mon May 23 08:04:04 UTC 2011
Citeren Götz Reinicke - IT-Koordinator <goetz.reinicke at filmakademie.de>:
> My questions:
>
> What is the best way to find the leak? What may I configure in
> horde/imp/apache/php ... to make it harder to be compromised?
If you're using SMTP AUTH for sending mail, the mailserver might have
logged the userid that has been used to send these messages.
> This is the first time in 10 years ... so far our setup was not that bad.
Consider the possibility that this isn't a bug in Horde, but that one
of your user accounts has been compromised. There is virtually nothing
you as an administrator can do to prevent that users are careless with
their credentials.
The only thing you can do to limit the impact, is to setup quotas on
the number of messages a user can sent per hour/day/week. Since you
have received over 7000 bounces, chances are that you don't use this
right now (which is highly recommended).
Best regards, Arjen
More information about the imp
mailing list