Opened 3 years ago

Last modified 3 years ago

#10240 assigned Bug/Something is broken

mx1 hacked, sending mail from an irregular user

Reported by: https://id.mayfirst.org/erq Owned by: https://id.mayfirst.org/jamie
Priority: High Component: Tech
Keywords: mx1-email Cc:
Sensitive: no

Description

Hi jamie, I found lots of messages in the mail queue like this one

A0D0D223F827   122741 Tue Dec  9 11:29:29  vmail
                                         noreply@klan1mail.com

and this other one

4AC482955C*  122873 Tue Dec  9 10:51:04  vmail@mx1.laneta.apc.org
                                         noreply@klan1mail.com

Also from user angelica.sanchez@…, about this one I can change password and report to member, but could you help me taking a look at the other two?

Thanks a lot Enrique

Change History (2)

comment:1 Changed 3 years ago by https://id.mayfirst.org/erq

  • Owner set to https://id.mayfirst.org/jamie
  • Status changed from new to assigned

comment:2 Changed 3 years ago by https://id.mayfirst.org/jamie

Hi Enrique,

The other two messages are from the vmail user (which I think stands for virtual email user).

I took a look at a sample of those messages in the mailq and they seem to be auto-reply messages.

In other words, if a user configures their account to send a vacation email or any other kind of auto reply, that message is sent by the vmail user.

Also, it does not seem to be sophisticated enough to detect spam. So, for example, the suporte@laneta.apc.org email address sends an autoreponse to all messages it receives. However, most of those messages are probably spam. Therefore every spam message generates a new message in response.

Did you see this ticket: https://support.mayfirst.org/ticket/10136

I think that will provide an easy way for us to purge a lot of abandoned email accounts, many of which are generating these auto responses. That will also free up a lot of space.

jamie

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.