[BlueOnyx:17392] Detecting compromised mail accounts
Jeff Keller
jeff at datatune.com
Tue Mar 31 23:33:48 -05 2015
I had a vsite-user whose mail account creds were compromised and the
account was being used to relay spam. The user suspected the issue, I
confirmed it in maillog and rotated their creds to stop the flow.
I was hoping to find a way in the GUI to identify potential issues like
this in the future by identifying "top senders" and spent some time looking
through the Usage Information > Email reports but was a bit confused by the
numbers in that report (they look too low).
So I had a few questions which I'm hoping somebody can help with:
1 - Is the Usage Information > Email report the right place to find
top-senders?
2 - If it is, which specific sub-report is the one I should be looking at?
3 - Why would the values in that report seem too small for my server's
traffic (by an order of magnitude) for a defined reporting period?
Thanks!
Jeff