On 10/14/14, 10:34 AM, Bob OHara wrote:
> Hello > > We use Roundcube for our ISP's domain customer webmail. An account has been > compromised and the spammers reply to addy put in. Any way to find which > account contains this address in reply to without logging in to them all? > > Bob You could run queries against the database directly. You need to look at both the email and reply-to entries. For example, if all your users should have reply-to at "yourdomain.com", some queries I'd use to find this would be: SELECT user_id, email, `reply-to` FROM identities WHERE `reply-to` NOT LIKE '%yourdomain.com' AND `reply-to` != ''; SELECT user_id, email, `reply-to` FROM identities WHERE email NOT LIKE '%yourdomain.com'; When you see the wrong entry in the results of one of those two queries, make note of the user_id and run the the following: SELECT username FROM users WHERE user_id = 0000; That should identify the user or users with the compromised account(s). -- Arne Berglund System Administrator, Internet Services Lane Education Service District Eugene, OR ____________
_______________________________________________ Roundcube Users mailing list [email protected] http://lists.roundcube.net/mailman/listinfo/users
