On Tue, 2013-08-20 at 13:59 -0700, Nick Ellson wrote:
> It appears that the main issue was that my account credentials were
> compromised for a 1 month period, which loaded my system up with so
> much spam things would not function. This made the rest of it look
> very bad.

I had this happen a while ago. I'm using a MySQL db for courier authentication and had a clause in MYSQL_SELECT_CLAUSE written to deny relaying for everyone unless they had a flag set in the db AND could authenticate. Unfortunately, I hadn't updated MYSQL_SELECT_CLAUSE which had been copied from a previous courier installation on another server which didn't look at my auth flag. The result was that one of my customers got her computer infected with a key-logger and her IMAP credentials were used to pwn my SMTP server and send out huge quantities of spam! My server got blacklisted!

Fortunately, courier logs the user IDs for authenticated SMTP access, and places the same information in the Received header added by the SMTP server.

-- 
Lindsay Haisley       | "Behold! Our way lies through a
FMP Computer Services |  dark wood whence in which
512-259-1190          |  weirdness may wallow!"
http://www.fmp.com    |            --Beauregard

_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
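
The message above notes that the authenticated user ID appears in the Received header, which is what lets an operator find the compromised account. The following is an added example, not part of the original post: it tallies messages and distinct client IPs per authenticated user. The `(AUTH: METHOD user)` header shape, the sample headers, and the thresholds are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: Received lines shaped like
#   from host (rdns [ip]) (AUTH: METHOD user, ...) by server with ESMTPA; date
AUTH_RE = re.compile(r"\(AUTH:\s+\S+\s+([^,)\s]+)")
IP_RE = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

def received(user, ip):
    """Build one constructed Received header for the sample data."""
    return (f"Received: from pc (unknown [{ip}]) (AUTH: LOGIN {user}) "
            "by mail.example.com with ESMTPA; Tue, 20 Aug 2013 13:00:00 -0700")

# Constructed sample: two normal users, one account relaying from many addresses,
# and one unauthenticated inbound message that must be ignored.
SAMPLE = (
    [received("alice@example.com", "192.0.2.10")] * 3
    + [received("bob@example.com", "192.0.2.20")] * 2
    + [received("carol@example.com", f"203.0.113.{i % 8 + 1}") for i in range(40)]
    + ["Received: from mx.example.net (mx.example.net [198.51.100.7]) "
       "by mail.example.com with ESMTP; Tue, 20 Aug 2013 13:00:00 -0700"]
)

def per_user_stats(headers):
    """Return {user: (message_count, distinct_client_ips)} for authenticated mail."""
    msgs = defaultdict(int)
    ips = defaultdict(set)
    for h in headers:
        auth = AUTH_RE.search(h)
        if not auth:
            continue  # no AUTH annotation: not relayed via SMTP AUTH
        user = auth.group(1)
        msgs[user] += 1
        ip = IP_RE.search(h)
        if ip:
            ips[user].add(ip.group(1))
    return {u: (msgs[u], len(ips[u])) for u in msgs}

def suspects(headers, max_msgs=25, max_ips=4):
    """Users exceeding either (hypothetical) threshold, for manual review."""
    return sorted(u for u, (n, k) in per_user_stats(headers).items()
                  if n > max_msgs or k > max_ips)

if __name__ == "__main__":
    for user, (n, k) in sorted(per_user_stats(SAMPLE).items()):
        print(f"{user:22} msgs={n:3} ips={k}")
    print("review:", suspects(SAMPLE))
```
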