Thanks for the help.  What log file would contain that information?

-----Original Message-----
From: Bruce Barnes [EMAIL PROTECTED]
Sent 10/30/2008 9:48:10 AM
Subject: RE: [IMail Forum] Cleaning hacked server

We had the same thing happen. 

It turns out the user used the password "fluffy" to secure their account.
Check your logs - if you are running them - and you will see someone tried
multiple passwords on the account and it probably didn't take very many
tries for them to gain access.

We cleaned the account and made the user change their password, and locked
out web access for her because she never uses it, and have not had another


-----Original Message-----
[mailto:[EMAIL PROTECTED] On Behalf Of Gary Steeley
Sent: Thursday, October 30, 2008 08:39
Subject: [IMail Forum] Cleaning hacked server

I'm assisting someone whose Imail server (9.23 running on 2003) has been
hacked by a spammer. I don't think it's a relaying issue since the server
is behind a Barracuda spam firewall that filters incoming email and rejects
anything not addressed to the domain's users - the Barracuda logs show
nothing. The server is not running on port 25 - the Barracuda is forwarding
all email on a different port. If you go into User Manager you can see
where an user account had been modified with a bogus Full Name and Return
Address. The actual spam content was in the signature file and the hacked
user account was used to send the spam email.

The server is on a DMZ, with incoming ports tightly restricted - I've been
searching the firewall and SMTP logs but can't figure out how the spammer is
gaining access to Imail. Where do I need to be looking? Any help would be
greatly appreciated.

To Unsubscribe:
List Archive:
Knowledge Base/FAQ:

To Unsubscribe:
List Archive:
Knowledge Base/FAQ:

Reply via email to