[CentOS] pop3 attack

Wed Dec 10 17:16:58 UTC 2008
Bill Campbell <centos at celestial.com>

On Wed, Dec 10, 2008, James Pifer wrote:
>On Tue, 2008-12-09 at 16:26 -0500, James Pifer wrote:
>> Thanks to all. For now I've stopped it using iptables. I tried stopping
>> it at my router without success, yet another reason to replace it! I
>> will also report it to abuse at covad.net. 
>> 
>
>My issues have gotten worse. Apparently over the last few days my ip
>address has gotten blacklisted. No idea why. Even though I have a
>commercial class cable modem service, my ip is residential because it
>comes to my house. But I've been running my mail server for several
>years and never had an issue. 

Your IP address, 70.62.90.185, is listed on zen.spamhaus.org, and
you can probably go to their web site to see why it's listed.

I have seen quite a few cases where spam is sent from webmail
accounts (mostly squirrelmail) by crackers who get access via
weak passwords found by imap/pop probes as you described.

It's been my experience in the 15 years we have been doing
support for regional ISPs that well over 50% of their users'
passwords are easily cracked, and that getting the users to use
good passwords is difficult to say the least.

Bill
-- 
INTERNET:   bill at celestial.com  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:          (206) 236-1676  Mercer Island, WA 98040-0820
Fax:            (206) 232-9186

Never blame a legislative body for not doing something.  When they do
nothing, that don't hurt anybody.  When they do something is when they
become dangerous. -- Will Rogers
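
Added example, not part of the original message: a mail admin can ask zen.spamhaus.org directly which sub-list an address is on, which separates a policy listing of an end-user range (PBL) from a listing for abuse or compromise (SBL/XBL). The return-code table reflects Spamhaus's published ZEN codes as assumed here; the function names, the 192.0.2.10 sample address and the resolver answers in the usage line are constructed for illustration.

```python
import ipaddress
import socket

ZEN = "zen.spamhaus.org"

# Meaning of the A records returned by the ZEN zone (assumed from
# Spamhaus's published return codes; confirm against their current docs).
ZEN_CODES = {
    "127.0.0.2": "SBL (spam source)",
    "127.0.0.3": "SBL CSS (low-reputation sender)",
    "127.0.0.4": "XBL (exploited or infected host)",
    "127.0.0.9": "SBL DROP",
    "127.0.0.10": "PBL (ISP-declared end-user range)",
    "127.0.0.11": "PBL (Spamhaus-identified end-user range)",
}


def zen_query_name(ip, zone=ZEN):
    """Build the DNSBL query name: 1.2.3.4 -> 4.3.2.1.<zone>."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Return the A records for name, or [] if the lookup fails.

    socket cannot tell NXDOMAIN (not listed) from a resolver failure;
    use a real DNS library where that distinction matters.
    """
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


def check_zen(ip, resolve=system_resolver):
    """Classify a ZEN lookup. 'listed' is None when the answer is an error code."""
    answers = resolve(zen_query_name(ip))
    # 127.255.255.x is an error reply (for example a query relayed through
    # a public resolver), not a listing, so it must not be read as one.
    errors = [a for a in answers if a.startswith("127.255.255.")]
    if errors:
        return {"listed": None, "lists": [], "error": errors}
    lists = sorted(ZEN_CODES.get(a, "unknown code " + a) for a in answers)
    return {"listed": bool(answers), "lists": lists, "error": []}


if __name__ == "__main__":
    # Constructed answers standing in for a live DNS reply.
    print(check_zen("192.0.2.10", resolve=lambda n: ["127.0.0.11", "127.0.0.4"]))
```

A PBL-only result points at the address range itself; an XBL or SBL entry is the one that fits the compromised-account scenario described in the message.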