[imp] May be our horde installation was used for spam
Götz Reinicke - IT-Koordinator
goetz.reinicke at filmakademie.de
Mon May 23 08:27:58 UTC 2011
Hi and thanks for your suggestion!
On 23.05.11 10:04, Arjen de Korte wrote:
> Quoting Götz Reinicke - IT-Koordinator <goetz.reinicke at filmakademie.de>:
>
>> My questions:
>>
>> What is the best way to find the leak? What may I configure in
>> horde/imp/apache/php ... to make it harder to be compromised?
>
> If you're using SMTP AUTH for sending mail, the mailserver might have
> logged the userid that has been used to send these messages.
Hmmm... do you have any hint for me how to find the userid?
>
>> This is the first time in 10 years ... so far our setup was not that bad.
>
> Consider the possibility that this isn't a bug in Horde, but that one of
> your user accounts has been compromised. There is virtually nothing you
> as an administrator can do to prevent that users are careless with their
> credentials.
That's true :-( I hope that this incident will help me to tell the need
of good passwords and not to believe everything a mail system sends :-)
>
> The only thing you can do to limit the impact, is to set up quotas on the
> number of messages a user can send per hour/day/week. Since you have
> received over 7000 bounces, chances are that you don't use this right
> now (which is highly recommended).
How may I limit the number of messages a user may send? :-)
Thanks and best regards. Götz
--
Götz Reinicke
IT Coordinator
Tel. +49 7141 969 420
Fax +49 7141 969 55 420
E-Mail goetz.reinicke at filmakademie.de
Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de
Registered at Amtsgericht Stuttgart, HRB 205016
Chair of the Supervisory Board:
Prof. Dr. Claudia Hübner
Managing Director:
Prof. Thomas Schadt
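
The following is an added example, not part of the original message or of Horde: one way to pull the SMTP AUTH userid out of the mail server log and see which account exceeds an hourly sending quota. It assumes the mail server is Postfix (the thread does not name it) and its usual `sasl_username=` and `nrcpt=` syslog lines; the sample log lines, user names and threshold are constructed.

```python
import re
from collections import Counter

# Assumption: Postfix syslog format. smtpd logs the authenticated user per
# queue ID; qmgr logs the recipient count (nrcpt) for the same queue ID.
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d{2}):\d{2}:\d{2}\s+\S+\s+postfix/\S*smtpd\[\d+\]:\s+"
    r"(?P<qid>[0-9A-Za-z]+): client=[^,]+, sasl_method=[^,]+, "
    r"sasl_username=(?P<user>\S+)"
)
QMGR_RE = re.compile(
    r"postfix/qmgr\[\d+\]:\s+(?P<qid>[0-9A-Za-z]+): from=<[^>]*>, "
    r"size=\d+, nrcpt=(?P<n>\d+)"
)

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = """\
May 23 03:12:01 mail postfix/smtpd[2101]: 4A1B2C3D4E: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=alice
May 23 03:12:01 mail postfix/qmgr[900]: 4A1B2C3D4E: from=<alice@example.org>, size=2211, nrcpt=2 (queue active)
May 23 03:14:40 mail postfix/smtpd[2107]: 5B2C3D4E5F: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=bob
May 23 03:14:40 mail postfix/qmgr[900]: 5B2C3D4E5F: from=<offers@example.net>, size=1830, nrcpt=50 (queue active)
May 23 03:15:02 mail postfix/smtpd[2107]: 6C3D4E5F60: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=bob
May 23 03:15:02 mail postfix/qmgr[900]: 6C3D4E5F60: from=<offers@example.net>, size=1830, nrcpt=50 (queue active)
May 23 03:20:11 mail postfix/qmgr[900]: 6C3D4E5F60: from=<offers@example.net>, size=1830, nrcpt=50 (queue active)
May 23 04:01:10 mail postfix/smtpd[2110]: 7D4E5F6071: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=bob
May 23 04:01:10 mail postfix/qmgr[900]: 7D4E5F6071: from=<bob@example.org>, size=900, nrcpt=1 (queue active)
""".splitlines()


def senders_over_quota(lines, max_rcpts_per_hour):
    """Return {(sasl_user, 'Mon DD HH'): recipients} for buckets above the quota."""
    owner = {}  # queue ID -> (user, hour bucket)
    nrcpt = {}  # queue ID -> recipient count
    for line in lines:
        m = AUTH_RE.match(line)
        if m:
            owner[m["qid"]] = (m["user"], " ".join(m["ts"].split()))
            continue
        m = QMGR_RE.search(line)
        if m:
            # qmgr logs a deferred message again on each retry; keep one value.
            nrcpt[m["qid"]] = int(m["n"])
    totals = Counter()
    for qid, key in owner.items():
        totals[key] += nrcpt.get(qid, 1)  # no qmgr line seen: count 1 recipient
    return {k: v for k, v in totals.items() if v > max_rcpts_per_hour}


if __name__ == "__main__":
    for (user, hour), count in senders_over_quota(SAMPLE_LOG, 20).items():
        print(f"{user} sent to {count} recipients in hour '{hour}'")
```

The envelope sender in the `from=` field can be forged by the sending account, which is why the count is keyed on the authenticated `sasl_username` instead.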