In message <1150318480.2779.3.camel(a)agree-17>, Glen Eustace writes:
On Thu, 2006-06-15 at 08:02 +1200, Justin Cook wrote:
He's offering Squirrelmail. I've seen squirrelmail used to relay spam lately (some of it using my domain as the return address, grr.) [...]
We have been a victim of this several times in the last couple of months.
It's not just squirrelmail either. I have a client with a webmail system that has been abused in a similar manner to send spam. In that case it appears that the spammers have created "legitimate" webmail mailboxes, and then used some automated tool as a way of injecting their messages in bulk. They've been closing the accounts and blocking the origin IPs as they find them, but it's been a bit of a case of whack-a-mole. They're working on other measures to block the spam/spammers. I must admit being surprised that the spammers aren't content using 0wn3d Microsoft Windows boxes as there's enough of those out there (and/or waiting to be 0wn3d). But perhaps the going rate for renting them is now too high. Or maybe outbound port 25 blocking is having some effect (much as I wish it weren't necessary to resort to that). Ewen