Hi, since saturday we got about 40 reports from spamcom.net and other mailserver providers, that 'we' are sending or are used for sending spam.
The MX is 193.196.129.3
So far I received about 7.000 returned mail bounces from our system and
all reported messages do have User-Agent: Internet Messaging Program
(IMP) H3 (4.3.9) in the mailheader.
Or something like
Received: from switchde.switchvpn.com (switchde.switchvpn.com
[178.162.182.142]) by mail.filmakademie.de (Horde Framework) with HTTP;
Our mailserver is a Red Hat EL 5.x server with sendmail 8.13.8, apache
httpd 2.2.3, php 5.2.11, mysql 5.0.77 and latest horde webmailedition.
My questions:
What is the best way to find the leak? What may I configure in
horde/imp/apache/php ... to make it harder to be compromised?
This is the first time in 10 years ... so far our setup was not that bad.
Thanks a lot and best regards hor any hint!
Götz Reinicke
--
Götz Reinicke
IT-Koordinator
Tel. +49 7141 969 420
Fax +49 7141 969 55 420
E-Mail [email protected]
Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de
Eintragung Amtsgericht Stuttgart HRB 205016
Vorsitzende des Aufsichtsrats:
Prof. Dr. Claudia Hübner
Geschäftsführer:
Prof. Thomas Schadt
smime.p7s
Description: S/MIME Cryptographic Signature
-- IMP mailing list Frequently Asked Questions: http://horde.org/faq/ To unsubscribe, mail: [email protected]
