>Yeah I found the corresponding entries in the logs.
>
>It is not a standard spam impersonation technique.
>
>The From address belongs to the customer, however it is not a user
>address. It is an alias. So it does not have a password.
Note that IMail absolutely should not allow customers to send mail by
authenticating on an alias.
I would strongly urge you to double-check the relaying settings. Also, if
you post a log file snippet (showing the SMTPD lines, where IMail accepts
the E-mail), it would be helpful.
>AND the headers of the SPAM message show that the message was relayed by
>the Imail server.
Would you mind posting the headers here? It can take a lot of work to
really understand headers.
>I am not saying that the spammer is necessarily using this customer's
>password. There are ~1,000 other customers on this server. Each customer
>has 10 to 100 mailboxes. It could be one of these other mailboxes that the
>spammer uses to authenticate. Once they've authenticated they do the
>impersonation.
That's why it would be a good idea to post the logs -- there should be no
question as to which account the spammer used to authenticate. It is
starting to sound like they didn't authenticate.
-Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for
IMail. http://www.declude.com
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
