Just to expand a bit on my situation.

>  Further investigation showed that the compromised account belonging to a
> host on our network with a public IP was compromised with a trojan on the
> machine. This trojan I suppose was running a small server watching email
> traffic and sniffing passwords.
>  Once compromised I do believe the master server where the trojan came from
> executed the attack. I did not see but only one IP using the account for
> this purpose. Not Say that the master(hacker) could wake more bots to be
> used in the attack.
>
> A little more control over the queue would be nice. For now I have
> implemented nagios to watch the concurrency level and warn me when it goes
> above a certain level.
>
>
I had similar problems, but mails were sent via webmail (I'm using Horde).
I'm installing a captcha to stop bots using my webmail interface. With the
script I posted some mails ago, I'm monitoring the queue every minute, so as
to detect a compromised account. But these are all temporal solutions until
a real solution could be implemented, like an accounting module to qmail,
which can limit the numbers of mails being sent from an IP or an
authenticated user.
Googling a bit I found an accounting module for qmail, but I could't test
it:
http://www.gplhost.com/old_stuff/index.php?rub=softwares&sousrub=mysqmail
Has Anyone used it?

Natalio.

Reply via email to