[SOLVED] I think the postmaster account has been compromised

Discussions on webmail and the Professional version.
Post Reply
merk
Posts: 423
Joined: Sun Oct 12, 2003 2:50 pm

[SOLVED] I think the postmaster account has been compromised

Post by merk »

I'm getting a huge spike in sent mail today - well over 10x what is normally sent in a day and the day isnt even over yet.

Looking in the smtp logs i see a lot of messages which are obviously spam messages that are being sent to email address I don't host. Which means the user has to authenticate to send those messages.

AUTH AA== 235+Authenticated my-server-name 19 6 postmaster

That's the last line i see before it starts to actually send the emails. Does this mean they are logging in with the postmaster account? If so, which postmaster account since every post office has a postmaster account.
Top
Brett Rowbotham
Posts: 560
Joined: Mon Nov 03, 2003 7:48 am
Location: Cape Town

Re: URGENT I think the postmaster account has been compromis

Post by Brett Rowbotham »

It could be the postmaster for the default domain as I see from my SMTP logs that authentication for non-default domains shows the user@domain form.

Cheers,
Brett
Top
merk
Posts: 423
Joined: Sun Oct 12, 2003 2:50 pm

Re: URGENT I think the postmaster account has been compromis

Post by merk »

Thanks,I just changed the password on that account.
Top
Post Reply

Return to “MailEnable Professional Edition”