He's right the password won't do a bit of good unless you make all 1000 users change the way they authenticate via SMTP.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Andrey Fyodorov Sent: Wednesday, October 09, 2002 2:03 PM To: [EMAIL PROTECTED] Subject: RE: [IMail Forum] Need HELP with rules It is most likely not his password. Any of the users that belong to 1,000 customers on this server could send be sending this mail or could be being exploited. -----Original Message----- From: Bob McGregor [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 09, 2002 1:58 PM To: [EMAIL PROTECTED] Subject: Re: [IMail Forum] Need HELP with rules can you have the customer change his password? On Wednesday, October 9, 2002 10:55 AM, Andrey Fyodorov <[EMAIL PROTECTED]> wrote: >Hi all. > >I have a customer who is on a shared Imail server with ~1000 >other customers. > >Recently someone has been impersonating him and sending porno >spam. It is not a trivial impersonation - they are actually >able to relay mail via his Imail server from a computer >somewhere in Macedonia. The Imail server is set to "No mail >relay". So I guess the spammer is one of the 1000 other >customers on the same Imail server. Or someone who >hacked/sniffed a legitimate customer's username and password? > >I can only see one way to stop this impersonation - to create a >rule that will check the From and the IP address in the header. >The good customer always sends mail from the same static IP >address. > >I am trying to create an outbound rule. I have tried it on the >customer's virtual host as well as on the physical host. I >can't seem to make the rule work. > >The rule look like this > >If the From Address Contains customer.com >AND >If the Header Text Does not Contain xxx.xxx.xxx.xxx > >(where xxx.xxx.xxx.xxx is the customer's static IP address) > > >I also tried > >If the From Address Contains customer\.com >AND >If the Header Text Does not Contain xxx\.xxx\.xxx\.xxx > > > >What am I doing wrong? > >To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html >List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ >Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
