Hi Davide, Apologies for my late reply.
> Date: Sun, 27 Feb 2011 19:33:47 -0800 > From: davi...@xmailserver.org > To: xmail@xmailserver.org > Subject: Re: [xmail] suspicious mail behaviour; don't know what to make of it > . . . > > On Sun, 27 Feb 2011, Spyros Tsiolis wrote: > > ----%<----%<----%<----%<---- > > > > Hi Davide, > > > > No, no way. Users have achieved such level of mentality as to not do damage > > to their > > own system :-) > > This is definitely automated by someone from the outside. > > How he managed to get access to the mailserver on the DMZ, I am still trying > > to find that one out (If I even find anything). > > Well, if the password was same as user, that's the first thing brute force > methods try. > > > - Davide > > > _______________________________________________ > xmail mailing list > xmail@xmailserver.org > http://xmailserver.org/mailman/listinfo/xmail Yes, it seems you hit it on the nail. Indeed the pass was the same as the user. I didn't pay any attention to it because it wasn't a proper XMail user; It was a drop-list (alias). However, this chap managed to trick the system. Thankfully, he didn't do much damage. Just FYI, I took away the account for a week or so and re-visited XMails' usernames/passwords. Made very lengthy and dificult passwords for all the XMail accounts. Then re-installed the drop-list account but this time with a very complicated password. This time around, everything went fine and this chap is out of our club :-) Thank you for everything, Kind regards, s. ----- "I merely function as a channel that filters music through the chaos of noise" - Vangelis
_______________________________________________ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail