All of a sudden server start to generate huge amount of mail traffic(spam).
roundcube sendmail log shows me:
[13-May-2009 06:07:37 -0500]: [13-May-2009 06:07:37 -0500] User: 2 on 217.194.14
7.131; Message for undisclosed-recipients:;;
[13-May-2009 06:14:11 -0500]: [13-May-2009 06:14:11 -0500] User: 2 on 217.194.147.131; Message for undisclosed-recipients:;;
[13-May-2009 08:03:13 -0500]: [13-May-2009 08:03:13 -0500] User: 2 on 213.255.218.244; Message for undisclosed-recipients:;;
217.194.147.131, 213.255.218.244 - is not my client addresses
apache access log
217.194.147.131 - - [13/May/2009:16:57:22 -0500] "GET /?_task=mail&_action=check-recent&_t=1242252267513&_list=1&_quota=1&_remote=1 HTTP/1.1" 200 87
217.194.147.131 - - [13/May/2009:16:57:42 -0500] "GET /?_task=mail&_action=check-recent&_t=1242252286888&_list=1&_quota=1&_remote=1 HTTP/1.1" 200 87
217.194.147.131 - - [13/May/2009:16:58:25 -0500] "GET /?_task=mail&_action=check-recent&_t=1242252327528&_list=1&_quota=1&_remote=1 HTTP/1.1" 200 754
217.194.147.131 - - [13/May/2009:16:58:42 -0500] "GET /?_task=mail&_action=check-recent&_t=1242252346898&_list=1&_quota=1&_remote=1 HTTP/1.1" 200 87
217.194.147.131 - - [13/May/2009:16:59:25 -0500] "GET /?_task=mail&_action=check-recent&_t=1242252387533&_list=1&_quota=1&_remote=1 HTTP/1.1" 200 762
217.194.147.131 - - [13/May/2009:16:59:42 -0500] "GET /?_task=mail&_action=check-recent&_t=1242252406908&_list=1&_quota=1&_remote=1 HTTP/1.1" 200 87
217.194.147.131 - - [13/May/2009:17:00:23 -0500] "GET /?_task=mail&_action=check-recent&_t=1242252447550&_list=1&_quota=1&_remote=1 HTTP/1.1" 200 87
217.194.147.131 - - [13/May/2009:17:00:48 -0500] "GET /?_task=mail&_action=check-recent&_t=1242252466920&_list=1&_quota=1&_remote=1 HTTP/1.1" 200 87
The question is is it security hole in RoundCube or just server miscofigured.
I'm using postfix+mysql+postfixadmin+roundcube configuration.
P.S. I can provide more information
P.P.S. Roundcube version Latest release: v0.2.1