Hi.
I'm receiving a lot of mail delivery messages indicating that the destination can't receive the messages. I checked that destination, and we don't send any messages to them, but I checked with mailq and found a lot of messages waiting for delivery.
So I checked the ./logs/sendmail logs, and I found this:
[21-May-2009 12:18:09 -0500]: User mercadeo@localhost [41.221.174.213]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok: queued as BC7DEA48492
[21-May-2009 12:19:14 -0500]: User mercadeo@localhost [41.221.174.213]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok: queued as EA1F8A484CB
[21-May-2009 12:19:48 -0500]: User mercadeo@localhost [41.221.174.213]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok: queued as D4998A484CB
[21-May-2009 12:20:37 -0500]: User mercadeo@localhost [41.221.174.213]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok: queued as 172ACA484F7
[21-May-2009 12:21:27 -0500]: User mercadeo@localhost [41.221.174.213]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok: queued as 08CE7A484CB
[21-May-2009 12:21:56 -0500]: User mercadeo@localhost [41.221.174.213]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok: queued as 80305A48507
[21-May-2009 12:22:45 -0500]: User mercadeo@localhost [41.221.174.213]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok: queued as 1FB0CA484E3
[21-May-2009 12:24:08 -0500]: User mercadeo@localhost [41.221.174.213]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok: queued as CF747A484E3
[21-May-2009 12:24:50 -0500]: User mercadeo@localhost [41.221.174.213]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok: queued as 701CEA484E3
[21-May-2009 12:25:22 -0500]: User mercadeo@localhost [41.221.174.213]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok: queued as 676EFA48532
So, from the IP 41.221.174.213 they are using my Roundcube to send spam to undisclosed-recipients.
I banned the IP using iptables, but that is not a real solution.
What can I check in Roundcube to stop that problem?
I'm using Roundcube v02.2
Thanks in advance
Maybe the password of one of your users is stolen.
I have turned on the option to include the IP address of the client using RoundCube. If you get a message from your mail queue, you might be able to determine who is doing this.
Marcel
There will be a DNS Blacklist plugin soon - Hopefully this weekend. It will work with current SVN version.
OK.
Problem solved. The problem was stolen passwords.
Thanks to all!
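
Added example, not part of the original thread: a small Python check that reads a Roundcube sendmail log in the line format quoted in the first post and reports which account and client IP are sending unusually fast, which is how a stolen webmail password shows up. The sample lines, user names, addresses, queue IDs and the thresholds (`max_msgs`, `window`) are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Line format as it appears in the ./logs/sendmail excerpt in the thread.
LINE_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\]: User (?P<user>\S+) \[(?P<ip>[^\]]+)\]; "
    r"Message for (?P<rcpt>.*?); (?P<code>\d{3}):"
)

# Constructed sample log (made-up users, documentation-range IPs, fake queue IDs).
SAMPLE_LOG = """\
[21-May-2009 09:02:11 -0500]: User bob@localhost [198.51.100.20]; Message for carol@example.org; 250: 2.0.0 Ok: queued as AAAA000001
[21-May-2009 12:18:09 -0500]: User alice@localhost [203.0.113.7]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok: queued as AAAA000002
[21-May-2009 12:19:14 -0500]: User alice@localhost [203.0.113.7]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok: queued as AAAA000003
[21-May-2009 12:19:48 -0500]: User alice@localhost [203.0.113.7]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok: queued as AAAA000004
[21-May-2009 12:20:37 -0500]: User alice@localhost [203.0.113.7]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok: queued as AAAA000005
[21-May-2009 12:21:27 -0500]: User alice@localhost [203.0.113.7]; Message for undisclosed-recipients:;; 250: 2.0.0 Ok: queued as AAAA000006
[21-May-2009 15:40:03 -0500]: User bob@localhost [198.51.100.20]; Message for dave@example.org; 250: 2.0.0 Ok: queued as AAAA000007
"""

def parse(log_text):
    """Yield (timestamp, user, ip, recipients) for each accepted (250) message."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m["code"] == "250":
            ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S %z")
            yield ts, m["user"], m["ip"], m["rcpt"]

def suspicious_senders(log_text, max_msgs=3, window=timedelta(minutes=10)):
    """Return {(user, ip): peak} where peak messages in one window exceeds max_msgs."""
    sends = defaultdict(list)
    for ts, user, ip, _rcpt in parse(log_text):
        sends[(user, ip)].append(ts)
    flagged = {}
    for key, times in sends.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak > max_msgs:
            flagged[key] = peak
    return flagged

if __name__ == "__main__":
    for (user, ip), peak in suspicious_senders(SAMPLE_LOG).items():
        print(f"{user} from {ip}: {peak} messages within 10 minutes")
```

A flagged account is a candidate for a password reset; blocking only the client IP, as noted in the thread, leaves the stolen credentials usable from any other address.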