On Wed, Dec 10, 2008, James Pifer wrote:
On Tue, 2008-12-09 at 16:26 -0500, James Pifer wrote:
Thanks to all. For now I've stopped it using iptables. I tried stopping it at my router without success, yet another reason to replace it! I will also report it to abuse@covad.net.
My issues have gotten worse. Apparently over the last few days my IP address has gotten blacklisted. No idea why. Even though I have a commercial-class cable modem service, my IP is residential because it comes to my house. But I've been running my mail server for several years and never had an issue.
Your IP address, 70.62.90.185, is listed on zen.spamhaus.org, and you can probably go to their web site to see why it's listed.
I have seen quite a few cases where spam is sent from webmail accounts (mostly SquirrelMail) by crackers who get access via weak passwords found by IMAP/POP probes as you described.
It's been my experience in the 15 years we have been doing support for regional ISPs that well over 50% of their users' passwords are easily cracked, and that getting the users to use good passwords is difficult, to say the least.
Bill
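
Added example, not part of the original messages: a mail admin can check a listing like the one mentioned above directly over DNS, by reversing the IPv4 octets, appending the zone, and decoding the A records that come back. The function names are hypothetical; the return-code ranges are the ones Spamhaus publishes for ZEN, and the 127.255.255.x range is an error answer (for example when querying through a large public resolver), not a listing.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"  # zone named in the thread


def query_name(ip, zone=ZONE):
    """Build the DNSBL query name: reversed IPv4 octets + zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def classify(answer):
    """Map one A-record answer from ZEN to the component list it stands for."""
    o = ipaddress.IPv4Address(answer).packed
    if o[:3] == bytes([127, 255, 255]):
        return "ERROR"    # query refused or rate-limited: says nothing about the IP
    if o[:3] != bytes([127, 0, 0]):
        return "UNKNOWN"  # not a DNSBL answer (e.g. a resolver rewriting NXDOMAIN)
    if o[3] in (2, 3, 9):
        return "SBL"      # spam sources and operations
    if 4 <= o[3] <= 7:
        return "XBL"      # exploited or compromised hosts
    if o[3] in (10, 11):
        return "PBL"      # end-user ranges not expected to send mail directly
    return "UNKNOWN"


def system_resolver(name):
    """A records via the system resolver; an empty list means no answer."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        # NXDOMAIN (not listed) or a resolver failure; this API cannot
        # tell the two apart, so treat "not listed" as provisional.
        return []


def check(ip, resolve=system_resolver):
    """Return which ZEN component lists, if any, carry this IP."""
    kinds = sorted({classify(a) for a in resolve(query_name(ip))})
    listed = [k for k in kinds if k in ("SBL", "XBL", "PBL")]
    return {"listed": bool(listed), "lists": listed, "error": "ERROR" in kinds}


if __name__ == "__main__":
    # Live lookup of the address quoted in the thread.
    print(query_name("70.62.90.185"), check("70.62.90.185"))
```

Which component list answers matters for the fix: an XBL or SBL hit points at something on the host sending spam, while a PBL hit is a policy listing of the address range.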