Paul Stewart wrote:
> Hi there.
>
> New to the list and apologize in advance if this is something I missed when
> hunting around. We do quite a bit of webhosting and run the Plesk platform
> which in turn runs the IMP webmail system.
>
> We're having a problem where on a very busy server one of the accounts for a
> customer domain has been "hijacked". Someone has gotten their username and
> password.
>
> The problem is that tailing the maillog is nearly impossible and if I tail
> the access_log it shows the accesses and the remote IP address (somewhere in
> Europe). Neither of these show us the user account in use. The header of
> the actual message doesn't include the username hidden anywhere either.
>
> Is there an easy way to track down the account in question?

Maybe a look in the queue contents...

One hint for the next time, add this to the imp/config/header.php file.
It will add a header with the user ID, and the remote host.

    /* Add your custom entries below this line. */
    /* Record the authenticated user, the client IP address and the
     * requested host name in an X-Webmail header on each message. */
    $xheader = sprintf(_("User=%s; Remote=%s; Server=%s"),
                       Auth::getAuth(),
                       $_SERVER['REMOTE_ADDR'],
                       $_SERVER['HTTP_HOST']);
    $_header['X-Webmail'] = $xheader;

--
---------------------------------------------------------------
Jose Marcio MARTINS DA CRUZ http://j-chkmail.ensmp.fr
Ecole des Mines de Paris
60, bd Saint Michel 75272 - PARIS CEDEX 06
mailto:jose-marcio.mart...@mines-paristech.fr
--
IMP mailing list - Join the hunt: http://horde.org/bounties/#imp
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: imp-unsubscr...@lists.horde.org
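
Once the X-Webmail header from the reply above is in place, the sending account can be read straight from captured or queued messages. The following is an added example, not part of the original thread or of IMP: it tallies messages per (user, remote IP) from raw message text. The sample messages, addresses and IPs are constructed, and how you export messages from the queue is left to you.

```python
import re
from collections import Counter
from email import message_from_string

# Matches the "Key=value" pairs written by the header.php snippet in the reply.
FIELD_RE = re.compile(r"(User|Remote|Server)=([^;]*)")

def parse_xwebmail(value):
    """Return a dict with User/Remote/Server, or None if User or Remote is missing."""
    unfolded = " ".join(value.split())  # undo header folding across lines
    fields = {k: v.strip() for k, v in FIELD_RE.findall(unfolded)}
    return fields if {"User", "Remote"} <= fields.keys() else None

def tally_senders(raw_messages):
    """Count messages per (user, remote IP); also count messages with no usable header."""
    counts, untagged = Counter(), 0
    for raw in raw_messages:
        msg = message_from_string(raw)
        parsed = [p for p in map(parse_xwebmail, msg.get_all("X-Webmail", [])) if p]
        if not parsed:
            untagged += 1  # not sent through webmail, or sent before the header was added
            continue
        counts[(parsed[0]["User"], parsed[0]["Remote"])] += 1
    return counts, untagged

def _msg(xwebmail=None):
    """Build one constructed sample message (hypothetical helper for the demo)."""
    hdr = f"X-Webmail: {xwebmail}\n" if xwebmail else ""
    return f"From: someone@example.com\n{hdr}Subject: test\n\nbody\n"

# Constructed sample data: documentation IP ranges and example.com addresses.
SPAMMER = "User=info@example.com; Remote=198.51.100.23; Server=webmail.example.com"
SAMPLE_MESSAGES = [
    _msg(SPAMMER),
    _msg(SPAMMER),
    # Same header, folded onto a continuation line by an intermediate hop.
    _msg("User=info@example.com;\n Remote=198.51.100.23; Server=webmail.example.com"),
    _msg("User=sales@example.com; Remote=192.0.2.10; Server=webmail.example.com"),
    _msg(),  # no X-Webmail header at all
]

if __name__ == "__main__":
    counts, untagged = tally_senders(SAMPLE_MESSAGES)
    for (user, remote), n in counts.most_common():
        print(f"{n:5d}  {user}  from {remote}")
    print(f"{untagged:5d}  messages without a usable X-Webmail header")
```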