Hi,
I had on my webserver (PHP 5.3.3-7+squeeze3 Debian) round 0.6,
and my server sent spam in recent days.
I have found that it was roundcubemail that sent this spam
(in the sendmail log file).
What information can I provide to find the security hole?
Thanks
There is no security hole.
Someone was able to log in to the webmail system by using existing account credentials and to spam mails from there.
In my plugins bundle (see footer) there are several plugins to prevent sending spam (dnsbl/blockspamsending). In addition you should restrict the number of allowed recipients in ./config/main.inc.php.
Quote from: rosali;36992
There is no security hole.
Are we sure? I just had the same thing happen to me, almost immediately after I upgraded to 0.6. I backed down to 0.5.4 and it stopped. I went back to 0.6 and it started again.
Could you check Roundcube's _userlogins_ and _sendmail_ logs?
Hopefully jfsenechal can. My provider got grumpy and cancelled my VPS because of the spam, and I've yet to get them to turn it back on.
Quote from: jdubois;37000
Are we sure? I just had the same thing happen to me, almost immediately after I upgraded to 0.6. I backed down to 0.5.4 and it stopped. I went back to 0.6 and it started again.
I've been running 0.6 in production for a week, and in testing since it was released. No out-going spam, no security hole.
I keep an ear to the ground on the exploit listing websites for anything RoundCube related but I haven't seen anything that affects RC 0.6.