Webmail hole?

by Rocco Scappatura-3

Hello,

I'm using SM 1.4.6 on a SLES 10 platform with Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8a PHP/5.2.9 (HOSTNAME: annina.mydomain.tld [xxx.yyy.zzz.www]) installed.

On my mail gateway I noted some queued messages that have headers like this:

Received: from localhost (localhost [127.0.0.1])
        by av8.mydomain.tld (Postfix) with ESMTP id 77DB615B679;
        Wed,  3 Jun 2009 01:32:48 +0200 (CEST)
X-Virus-Scanned: amavisd-new at stt.vir
Received: from av8.mydomain.tld ([127.0.0.1])
        by localhost (av8.stt.vir [127.0.0.1]) (amavisd-new, port 10026)
        with ESMTP id fH8gW7H4kqOH; Wed,  3 Jun 2009 01:32:48 +0200 (CEST)
Received: from webmail.mydomain.tld (annina.mydomain.tld [xxx.yyy.zzz.www])
        by av8.mydomain.tld (Postfix) with ESMTP id EDC0115B678;
        Wed,  3 Jun 2009 01:32:47 +0200 (CEST)
Received: from 80.237.152.53 (proxying for unknown)
        (SquirrelMail authenticated user <imap_user>)
        by webmail.mydomain.tld with HTTP;
        Wed, 3 Jun 2009 01:33:39 +0200 (CEST)
Message-ID: <49689.80.237.152.53.1243985619.squirrel@...>

Could I know how it is possible to use SM as a source of SPAM and how to prevent this from happening?

Is it only a matter of weak credentials for IMAP user <imap_user>, or is the authentication worked around altogether?

Thanks in advance for the exhaustive explanation of this attack.

rocsca


Rocco Scappatura
Assurance & Delivery Sistemi Verona
Infracom Network Application S.p.A.
Under the direction and coordination of Infragruppo S.p.A.
Gruppo Infracom
Via Meucci, 14
37135 Verona
Italy
Phone           +39 045 9695153
Fax             +39 045 9690370
Mobile          +39 335 7276547
Rocco.Scappatura@...
www.infracomna.it
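
The Received header that SquirrelMail adds (quoted in the message above) names the authenticated user and the client address. As an added example that is not part of the original post, this Python sketch pulls those two fields out of queued messages and counts them per account and source IP; the sample messages, the user "alice" and the 192.0.2.10 and 198.51.100.7 addresses are constructed.

```python
import re
from collections import Counter
from email import message_from_string

# Matches the Received header SquirrelMail adds, in the shape shown in the post:
#   from <client-ip> (proxying for <addr>) (SquirrelMail authenticated user <name>)
SM_RECEIVED = re.compile(
    r"from\s+(?P<ip>\S+)"
    r"(?:\s+\(proxying for (?P<proxied>[^)]*)\))?"
    r"\s+\(SquirrelMail authenticated user (?P<user>[^)]+)\)"
)

def squirrelmail_origin(raw_message):
    """Return (user, client_ip, proxied_for) from the SquirrelMail hop, or None."""
    msg = message_from_string(raw_message)
    for hop in msg.get_all("Received", []):
        m = SM_RECEIVED.search(" ".join(hop.split()))  # unfold continuation lines
        if m:
            return m.group("user"), m.group("ip"), m.group("proxied")
    return None

def tally(raw_messages):
    """Count queued messages per (authenticated user, client IP)."""
    counts = Counter()
    for raw in raw_messages:
        origin = squirrelmail_origin(raw)
        if origin:
            counts[origin[:2]] += 1
    return counts

# Constructed sample messages modelled on the headers in the post.
def _sample(user, ip, proxied=None):
    via = f" (proxying for {proxied})" if proxied else ""
    return (
        "Received: from webmail.mydomain.tld (annina.mydomain.tld [198.51.100.7])\n"
        "\tby av8.mydomain.tld (Postfix) with ESMTP id EDC0115B678;\n"
        "\tWed,  3 Jun 2009 01:32:47 +0200 (CEST)\n"
        f"Received: from {ip}{via}\n"
        f"\t(SquirrelMail authenticated user {user})\n"
        "\tby webmail.mydomain.tld with HTTP;\n"
        "\tWed, 3 Jun 2009 01:33:39 +0200 (CEST)\n"
        "Subject: test\n\nbody\n"
    )

SAMPLES = [_sample("imap_user", "80.237.152.53", "unknown")] * 3 + [
    _sample("alice", "192.0.2.10")]

if __name__ == "__main__":
    for (user, ip), n in tally(SAMPLES).most_common():
        print(f"{n:4d}  {user:<12} {ip}")
```

One account sending high volume from an address its owner does not normally use shows up at the top of this tally.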


-----
squirrelmail-devel mailing list