Or have I missed something ?
It seems that a user has changed his password to something weak. The result was that a spammer found it and used my box to send spam. That of course blacklisted the IP. .
That gave me the thought that I could check all the other passwords that users might have set. I can’t find a way of doing that other than going into each user via the “Edit mail and FTP users” in each VH.
Have I missed something, is there an easy way to list all passwords ?
Thanks for reading
Tim
A weak password is a way that a spammer can break in, but another way is that the spammer is taking advantage of a vulnerability in a web app – quite possible from an older web app installation.
The thing to do is figure out which account is sending all the emails, then change their password, along with verifying all the app installs to make sure they’re at the most recent versions.
I’d actually be more concerned with the web app versions than the passwords… both are important, but the web apps are a more common spam source.
-Eric
Thanks Eric,
On this occasion I have found the logs of the outgoing emails and they seem to have been sent (I believe) using the users login. I’m not, as you know, anything like a guru, so I could be wrong. but I don’t think so.
Other than the apps provided via the basic VM installation like form mail, there are no apps installed. VM, WM and the OS are all patched.
Thus, I think that I am probably safe from that angle.
I will just go through the couple hundred users on the box looking for weak passwords, just in case. Might take a while because of other priorities.
I am still battling with some blacklists but I think I have beaten the backscatter (alias domains were not copying the main domain addresses) because no instances for a couple of days now.
I continue to try to find out why Barracuda has the IP listed but they give very little info. But that is off topic for this thread. I may have to ask for help on that subject later.
Thanks for reading,
Tim