I would suggest you look at your operating system logs as well as the
IMail logs.
IMail logs will tell you if legitimate SMTP or POP access is how the
messages were gotten (if the access was across all your domains and user
after user accesses were extremely quick with many invalid logins-
someone just snarfed the email because of bad passwords.) Change them
now!
If your system logs show bad login attempts (or even if they don't)-
beware that someone may have compromised your server and extracted the
email files (and anything else), and might now have full access to your
server!!!!!
Looks like fun for you!
Good luck.
Stan Lyzak, BSEE, CISSP, MCSE, CCNA, A+
Network Security Engineer
ASysTech, Inc.
-----Original Message-----
From: 891981 8911981 [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 05, 2001 1:46 PM
To: [EMAIL PROTECTED]
Subject: [IMail Forum] Security?
Hi Everyone,
Someone seems to have obtained e-mail files containing all of the e-mail
that was sent to a couple of domains that we use on our Imail server.
Could someone explain to me how this person obtained copies of all of
these
e-mails?
Is there a direction that I can start looking in to secure our server?
Thanks,
Andy
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
