[imp] Spamming through Horde
francis picabia
fpicabia at gmail.com
Thu May 2 16:55:35 UTC 2013
On Thu, Apr 25, 2013 at 3:38 PM, Joseph Mays <mays at win.net> wrote:
> I’m working with an older version of horde-imp on a server running FreeBSD
> 5-4 Stable. They have a problem with people occasionally hacking into
> accounts in the webmail system and spamming through them. When this happens
> it can be very hard to identify what hacked webmail account got exploited
> because there is nothing in the mail log or message headers to indicate
> which account the spam message came from, and there is nothing in the horde
> or imp logs to record what messages were sent out, and by whom. So I am
> looking for a way to either log what account messages came from in the mail
> log, record that information in the mail headers of the messages
> themselves, or have horde log what messages were sent out through the mail
> log system and by whom. Any information that could help with any of the
> above would be greatly appreciated.
> --
> imp mailing list
My solution is to restrict what email accounts they can send from. The
first thing
the spammer does in horde is to set up a new user profile and a signature
which will contain the spam message. If you prevent them from sending from
an arbitrary address, you'll be able to easily trace the spam outbreak to a
compromised account.
In my case, I use postfix as the SMTP solution. I have a config line like:
smtpd_sender_restrictions = reject_unknown_sender_domain,
reject_unlisted_sender, check_sender_access
hash:/etc/postfix-internal/localdomain, reject
Inside localdomain I have
example.com OK
This allows them to send email from only the domain.
In addition, any hacked accounts are quickly added in here
to block them:
phishedaccount at example.com 550 This account has been compromised
More information about the imp
mailing list