On 8/21/08, List Server <[EMAIL PROTECTED]> wrote:
>
> Date: Thu, 21 Aug 2008 07:12:13 -0500
> From: Heimir Eidskrem <[EMAIL PROTECTED]>
> Subject: Re: [IMail Forum] Webmail spammer - possible webmail breach?
> Reply-To: [email protected]
>
> I appreciate the answer but don't see how it relates to the question.
>
> Do you know if there are any known hacks or problems with webmail?
>
> 1. Not a ton of messages went out - less than 500.
> 2. The user's reply address and name were updated.
> 3. Only a few failed logins for the account.
>
> I am pretty sure that the user's computer got compromised and they got
> his info that way.
> The IP used to connect came from Nigeria.
>
>
> Sanford Whiteman wrote:
>>> Are there any known hacks or problems with the webmail? I see that
>>> they updated the user name and reply address.
>>>
>>
>> Such a compromise is usually due to easily-guessed passwords (same as
>> username, 'password', etc.). Once you've got that info, sending a ton
>> of messages using HTTP scripting -- not the webmail per se -- is a
>> cinch.
>>
>> Have you spoken with the user to be sure this was not the case? Users
>> can sometimes be embarrassed to admit it.
>>
>> --Sandy
>>
>>
>> ------------------------------------
>> Sanford Whiteman, Chief Technologist
>> Broadleaf Systems, a division of
>> Cypress Integrated Systems, Inc.
>> e-mail: [EMAIL PROTECTED]
>>
>> SpamAssassin plugs into Declude!
>>
>> http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/
>>
>> Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail
>> Aliases!
>>
>> http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/
>>
>> http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/
>>
>>
>> To Unsubscribe: http://imailserver.com/support/discussion_list/
>> List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>> Knowledge Base/FAQ: http://imailserver.com/support/kb.html
>>
>>
>>
>
>
>
> Date: Thu, 21 Aug 2008 08:16:29 -0400
> From: "Andy Schmidt" <[EMAIL PROTECTED]>
> Subject: RE: [IMail Forum] Webmail spammer - possible webmail breach?
> Reply-To: [email protected]
> >> In the most recent versions of Imail, the entire interface is web driven
> and requires ADMINISTRATIVE permissions to run.  While that does not open the
> doors to spammers, it gives the program entirely TOO MUCH AUTHORITY over the
> machine <<
>
> Hi,
>
> I understand your concern - the Admin rights should only be required for the
> section that actually starts/stops services - and then simply cause an NTFS
> logon prompt in the browser.
>
> However, as a workaround, you could configure IIS to limit the permitted IP
> range for the IMAIL admin site to either just non-routable addresses (local
> addresses) or even only to the IP addresses of the admin group members.
>
> Best Regards,
> Andy
>
>
> Date: Fri, 22 Aug 2008 09:03:48 +1000
> From: Cameron Biggart <[EMAIL PROTECTED]>
> Subject: [IMail Forum] Stripped attachments
> Reply-To: [email protected]
> Dear All
>
> I have an SMTP virus scanner before my imail server that is supposed to
> block & store emails containing .zip files as attachments. I've noticed
> a few trojans with the "we couldn't deliver your package check the
> invoice attached" style and a zip file attached that are getting through
> possibly because of the way they are encoded?
> My question is on our iMail 8.21 server there is the option to strip or
> replace attachments that you don't want - but are the attachments stored
> somewhere for retrieval? If so, where?
> We have a few users who legitimately send .zip files around and live
> with them being delayed but wouldn't be happy with them being completely
> undeliverable.
>
> Cameron
>

-- 
Sent from my mobile device

James Mason
Safety & Environmental Director/Systems Administrator
Yamato Engine Specialists
360-306-5017


Confidentiality Notice:
The documents accompanying this electronic transmission may contain 
confidential information. The information is intended only for the use of the 
individual(s) or entity named above. If you are not the intended recipient, you 
are notified that any disclosure, copying, distribution or taking of any action 
in reliance on the contents of this electronic information is not permissible. 
If you have received this electronic document in error, please immediately 
notify us by telephone at (360)733-1916.
Thank you.


To Unsubscribe: http://imailserver.com/support/discussion_list/
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://imailserver.com/support/kb.html
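
The workaround Andy Schmidt describes in the digest above (limiting the permitted IP range for the IMail admin site in IIS), as an added example that is not part of the original thread. It assumes IIS 7 or later with the IP and Domain Restrictions feature installed; the admin workstation address 203.0.113.10 is a constructed placeholder.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: web.config for the IMail admin site only, not the
     user-facing webmail site. Assumes IIS 7 or later with the
     "IP and Domain Restrictions" feature installed and the ipSecurity
     section unlocked for this site. -->
<configuration>
  <system.webServer>
    <security>
      <!-- Weak default: allowUnlisted="true" admits every client address.
           Hardened: allowUnlisted="false" denies any client that does not
           match one of the <add> entries below. -->
      <ipSecurity allowUnlisted="false">
        <!-- Option 1 from the thread: non-routable (local) addresses only. -->
        <add ipAddress="127.0.0.1" allowed="true" />
        <add ipAddress="10.0.0.0" subnetMask="255.0.0.0" allowed="true" />
        <add ipAddress="172.16.0.0" subnetMask="255.240.0.0" allowed="true" />
        <add ipAddress="192.168.0.0" subnetMask="255.255.0.0" allowed="true" />
        <!-- Option 2 from the thread: only the admin group members' addresses.
             Replace the ranges above with one entry per admin workstation;
             203.0.113.10 is a constructed placeholder. -->
        <add ipAddress="203.0.113.10" allowed="true" />
      </ipSecurity>
    </security>
  </system.webServer>
</configuration>
```

If the admin site sits behind a reverse proxy or NAT device, IIS evaluates the proxy's address rather than the client's, so the allow list has to be enforced at that device instead.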
