Re: Spammer got into my Webmail

[Dan Oachs <doachs () GAC EDU>]

We have configured our Horde/IMP installation to use smtp
authentication.  Our postfix logs then show who authenticated each
message.  We can then use that information to remove messages from our
outbound queue.

--Dan Oachs
 Gustavus Adolphus College



Robin Polak wrote:
> Hello,
>
>    One of my webmail users was fooled into revealing his credentials
> to a spammer and now I am dealing with the backlash of all this spam
> having left our smtp servers as well as much mail still left in the
> outbound sendmail queues.  Is there any advice that any of you could
> provide me as far as filtering out the spam from my sendmail queues as
> well as any procedures I could follow to counteract the effects of
> blacklisting such as a generally checked whitelist?  In addition, as a
> result of this incident I have found a flaw in the tracking of mail
> between our webmail (Horde/IMP), Cyrus IMAP, and Sendmail.  What sort
> of suggestion could be made as far as effectively being able to
> correlate my logs?  Is there a way to put a header into a message
> leaving IMP indicating the user-name that was used to login to Horde?
> This would have been quite usefull since in some way the spammer was
> able to spoof the From address in the message to be a yahoo.com
> <http://yahoo.com>  address.
>
> --
> Robin Polak, Network Manager
> College of Mount Saint Vincent
> E-Mail: robin.polak () gmail com <mailto:robin.polak () gmail com>
> V. 718-405-3293

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature