Hi All,

I have recently noticed a steady stream of email leaving my server that appears to be from my Squirrel Mail users.  I upgraded from 1.4.10 to 1.4.15 in an effort to fix the issue.  It went away for a couple of days, but is back now.

I have some wireshark captures if anyone else is interested.  I will have some more (for the v1.4.15 attacks soon as well).

My Server is:

Fedora Core v5
Php v4.3.9

I have access to the webmail disabled from the outside right now (we were already in the process of migrating away from SM when this happened.

I’m open to suggestions, comments, flames, etc.  I read in the archives about mailto.php, but it wasn’t made clear to me how to fix it, etc.

I look forward to your responses!

~Brant Wells, Network Administrator
Tocco Falls College