From: Jonathan A. <jo...@sq...> - 2009-08-30 20:44:32
On Sun, 30 Aug 2009 00:18:09 -0700 (PDT), Ivan S <whi...@ya...> wrote:
>Hi all,
>
>In my office we are using SM for external users to connect to our
>exchange server. We're using squirrelmail 1.4.9a and postfix-2.3.4. We
>are having an issue these few days where a spammer can send email through
>this webmail using another domain to send to the internet. Below is the log
>from maillog:
>

1.4.9a is nearly 3 years old, and has known security issues. You should upgrade.

>Aug 30 05:05:06 webmail postfix/smtpd[1470]: connect from localhost.localdomain[127.0.0.1]
>Aug 30 05:05:06 webmail postfix/smtpd[1470]: 5621323FA7: client=localhost.localdomain[127.0.0.1]
>Aug 30 05:05:06 webmail postfix/cleanup[1473]: 5621323FA7: message-id=<7a2d144cd865d8824ecac6ef0cc92afb.squirrel@mydomain>
>Aug 30 05:05:06 webmail postfix/qmgr[1155]: 5621323FA7: from=<in...@em...>, size=1501, nrcpt=201 (queue active)
>Aug 30 05:05:07 webmail postfix/smtpd[1470]: disconnect from localhost.localdomain[127.0.0.1]
>Aug 30 05:05:07 webmail postfix/smtp[1475]: 5621323FA7: to=<chr...@ho...>, relay=192.168.0.10[192.168.0.10]:25, delay=1.2, delays=0.77/0.21/0.02/0.17, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9FC34C8065)
>Aug 30 05:05:07 webmail postfix/smtp[1475]: 5621323FA7: to=<ch...@ho...>, relay=192.168.0.10[192.168.0.10]:25, delay=1.2, delays=0.77/0.21/0.02/0.17, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9FC34C8065)
>Aug 30 05:05:07 webmail postfix/smtp[1475]: 5621323FA7: to=<chr...@ho...>, relay=192.168.0.10[192.168.0.10]:25, delay=1.2, delays=0.77/0.21/0.02/0.17, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9FC34C8065)
>Aug 30 05:05:07 webmail postfix/smtp[1475]: 5621323FA7: to=<chr...@ho...>, relay=192.168.0.10[192.168.0.10]:25, delay=1.2, delays=0.77/0.21/0.02/0.17, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9FC34C8065)
>
>and so on (there were around 200 email). I don't know whether this is a
>squirrelmail or postfix issue. My question is, how come someone can use this
>webmail without authenticating themselves and send email to the internet?
>(users authenticate with active directory)
>

SquirrelMail doesn't allow relaying without authentication. Can you see any IMAP logins around the same time?

--
Jonathan Angliss
<jo...@sq...>
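
An added example, not part of the original message and not SquirrelMail or Postfix code: a Python script that groups Postfix maillog lines by queue ID and flags webmail-submitted messages (message-id containing `.squirrel@`, as in the log above) that have many recipients or a sender domain outside your own. The timestamps it returns give the window in which to look for IMAP logins. The threshold, the `local_domains` set and all sample addresses and queue IDs are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix maillog format (addresses and queue IDs are made up).
SAMPLE_LOG = """\
Aug 30 05:05:06 webmail postfix/smtpd[1470]: AAAA11111A: client=localhost.localdomain[127.0.0.1]
Aug 30 05:05:06 webmail postfix/cleanup[1473]: AAAA11111A: message-id=<0123abcd.squirrel@mail.example.com>
Aug 30 05:05:06 webmail postfix/qmgr[1155]: AAAA11111A: from=<promo@other.example.net>, size=1501, nrcpt=201 (queue active)
Aug 30 09:12:40 webmail postfix/smtpd[2210]: BBBB22222B: client=localhost.localdomain[127.0.0.1]
Aug 30 09:12:40 webmail postfix/cleanup[2213]: BBBB22222B: message-id=<4567ef01.squirrel@mail.example.com>
Aug 30 09:12:41 webmail postfix/qmgr[1155]: BBBB22222B: from=<alice@example.com>, size=912, nrcpt=2 (queue active)
"""

# timestamp, daemon name, queue ID, remainder of the line
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)$")

def flag_bulk_webmail(log_text, local_domains, max_rcpt=20):
    """Return webmail-submitted messages that are bulk or use a foreign sender domain."""
    msgs = defaultdict(dict)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        when, daemon, qid, rest = m.groups()
        rec = msgs[qid]
        if daemon == "smtpd" and rest.startswith("client="):
            rec["client"] = rest[len("client="):]
        elif daemon == "cleanup" and rest.startswith("message-id="):
            rec["msgid"] = rest[len("message-id="):]
        elif daemon == "qmgr":
            q = re.match(r"from=<([^>]*)>, size=\d+, nrcpt=(\d+)", rest)
            if q:
                rec.update(time=when, sender=q.group(1), nrcpt=int(q.group(2)))
    findings = []
    for qid, rec in msgs.items():
        # Only messages composed in SquirrelMail and seen by the queue manager.
        if ".squirrel@" not in rec.get("msgid", "") or "nrcpt" not in rec:
            continue
        domain = rec["sender"].rpartition("@")[2].lower()
        reasons = []
        if rec["nrcpt"] > max_rcpt:
            reasons.append("nrcpt=%d" % rec["nrcpt"])
        if domain not in local_domains:
            reasons.append("foreign sender domain " + domain)
        if reasons:
            findings.append((rec["time"], qid, rec["sender"], reasons))
    return findings

if __name__ == "__main__":
    for finding in flag_bulk_webmail(SAMPLE_LOG, {"example.com"}):
        print(finding)
```

Each flagged timestamp can then be matched against the IMAP server's login log to find which account was signed in to the webmail when the message was queued.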