[BlueOnyx:04127] Re: ROUNDCUBE spam - how do I determine which account is sending it?

Trond Husø trond at trondhuso.no
Wed Mar 24 06:35:57 -05 2010


Hi Peter, I'm answering one of your questions, in between the paragraphs, so
scroll down :)

On Wed, 2010-03-24 at 10:57 +0000, Peter Robbins - Bridgewater Software
wrote:
> Hi,
> 
> I have roundcube installed from solarspeed.net
> 
> Is there any way of working out which account has sent the email from
> roundcube?  
> 
> We have about 800 users on some of our BX servers which are used
> purely for email and we are getting blocked by various antispam lists
> and DNSBL as we are sending a lot of spam.
> 
> I have reduced the problem by adding zen.spamhaus.org as a blacklist
> and ensuring that the outgoing email is also scanned in AVSPAM.  This
> has reduced the amount significantly - the blacklist has also helped
> in reducing the amount of spam that our users are receiving.
> 
> But I want to discover which account is actually sending the emails.
> The headers of one of the spam emails point to roundcube as the
> sending mechanism. But the header does not tell me who sent it as the
> email address etc is forged?
> 
> I have searched the maillog for time and message but have found
> nothing.  Perhaps roundcube is hacked?

If this is the case, you should install chkrootkit or some other
rootkit-detection program, then run it and see if your server really is
hacked. 
I had a BQ-box hacked and it was not a pleasant job to clean up (and
eventually reinstall).
> 
> Any clues as to where to look would be great!!
> 
> Thanks
> 
> 
> -- 
> Kind regards, 
> 
> Peter Robbins 
> Commercial Director 
> Bridgewater Software Development Ltd 
> E: peter at bridgewater.it 
> T: 01442 870244 
> F: 01442 879993 


-- 
Trond Husø
-----------------------------
PHP-developer
Linux (Ubuntu/Fedora/CentOS) user and Administrator
www.trondhuso.no




