Hi,

Occasionally I receive mail from compromised web mails asking my users for their user name and password. The source IPs are usually clean (as they are legitimate mail servers) and do not catch any IP-based rules. Usually one or two mail accounts are used to pump mails via web mail after authentication.
I have pasted one such (slightly edited) mail at http://pastebin.ca/1715399. It is interesting to note that the victim was using a Barracuda anti-spam appliance, which also failed to catch this spam.

Any ideas to tackle such spam are very much welcome.

with regards,
raj