Today, someone managed to gain my e-mail account credentials and sent a bunch of outgoing malicious e-mails. I can see the hackers connecting to the Postfix SMTP server and sending the messages.
What I can't figure out is how they got the list of recipients I commonly send e-mail to. I'm pretty sure they couldn't get that from Postfix. However, I'm guessing they could if they logged in via Horde or IMAP or POP.
Question: It appears I can see all the IMAP accesses in /var/log/maillog. Where can I find this info for Horde or POP?
BTW, I upgraded from Plesk 11.5.30 to 12.0.18 two days ago. I don't think there's a connection but the timing is definitely very interesting.
What I can't figure out is how they got the list of recipients I commonly send e-mail to. I'm pretty sure they couldn't get that from Postfix. However, I'm guessing they could if they logged in via Horde or IMAP or POP.
Question: It appears I can see all the IMAP accesses in /var/log/maillog. Where can I find this info for Horde or POP?
BTW, I upgraded from Plesk 11.5.30 to 12.0.18 two days ago. I don't think there's a connection but the timing is definitely very interesting.