I'm assisting someone whose Imail server (9.23 running on 2003) has been hacked by a spammer. I don't think it's a relaying issue since the server is behind a Barracuda spam firewall that filters incoming email and rejects anything not addressed to the domain's users - the Barracuda logs show nothing. The server is not running on port 25 - the Barracuda is forwarding all email on a different port. If you go into User Manager you can see where an user account had been modified with a bogus Full Name and Return Address. The actual spam content was in the signature file and the hacked user account was used to send the spam email.
The server is on a DMZ, with incoming ports tightly restricted - I've been searching the firewall and SMTP logs but can't figure out how the spammer is gaining access to Imail. Where do I need to be looking? Any help would be greatly appreciated. To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html