On 15/06/2006 10:09 a.m., Ewen McNeill wrote:
In message <1150318480.2779.3.camel(a)agree-17>, Glen Eustace writes:
On Thu, 2006-06-15 at 08:02 +1200, Justin Cook wrote:
He's offering Squirrelmail. I've seen squirrelmail used to relay spam lately (some of it using my domain as the return address, grr.) [...] We have been a victim of this several times in the last couple of months.
It's not just squirrelmail either.
I have a client with a webmail system that has been abused in a similar manner to send spam.
Ditto. Many PHP applications that make use of the mail() function are incorrectly coded and are vulnerable to header injection attacks, including older versions of squirrelmail and horde/imp. Refer: http://www.securephpwiki.com/index.php/Email_Injection -Simon