One of our Linux Plesk 11.0 servers is being used to send out spam via horde/webmail. Unfortunately, there are no identifiers like username etc. in the email headers to identify what is being compromised to send out these emails. All I have been able to do is block the IP listed in the header, but of course they change IP and come right back.
I've also looked in /var/log/psa-horde/psa-horde.log but I don't see anything that would allow me to know what username is being used to send out the spam.
Does anyone else have any other hints on where to look to find the offender?
Thanks,
Eric