Posted by on 01 August 2012 04:51 PM
IceWarp Mail Server installs demo accounts during installation. These accounts are set to expire after 30 days, but until then, if IceWarp is installed on a production server, these accounts could be exploited by spammers and the like.
Basically, a spammer could access your server using user/password combinations like admin/admin or domainadmin/domainadmin to authenticate themselves and use your server as a relay.
To prevent this you should either disable the demo accounts or change the passwords.
A similar risk is incurred as a result of weak user/password combinations, such as webmaster/webmaster. These user/password combinations can be easily guessed and you should be careful not to create them.
If you wish, you can scan your SMTP logs for authenticated logins to see whether your system is being abused.
Look for log entries like this:
188.8.131.52 [0000036C] Fri, 14 Mar 2003 14:00:36 +0100 <<< AUTH LOGIN
184.108.40.206 [0000036C] Fri, 14 Mar 2003 14:00:36 +0100 >>> 334 VXNlcm5hbWU6
220.127.116.11 [0000036C] Fri, 14 Mar 2003 14:00:47 +0100 <<< YWRtaW4=
18.104.22.168 [0000036C] Fri, 14 Mar 2003 14:00:47 +0100 >>> 334 UGFzc3dvcmQ6
22.214.171.124 [0000036C] Fri, 14 Mar 2003 14:00:52 +0100 <<< YWRtaW4=
The server prompts and the client's values are Base64 encoded (VXNlcm5hbWU6 is "Username:" and UGFzc3dvcmQ6 is "Password:") and can be decoded using this free PHP encoder/decoder.
In the above example both the Username and Password are "admin".
You should check for any weak password usage and change passwords where necessary.
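The log scan described above can be automated. The following Python is an added example, not part of the original article or of IceWarp's own tooling: it follows each AUTH LOGIN exchange by the bracketed session ID, decodes the Base64 prompts and replies, and reports logins whose password repeats the username or is one of the weak values named here. The function names, the log layout inferred from the sample entries, and the constructed sample log are assumptions.

```python
import base64
import re

# Layout assumed from the sample above: IP [session] timestamp <<<|>>> payload
LINE_RE = re.compile(r"^(\S+) \[([0-9A-Fa-f]+)\] (.*?) (<<<|>>>) (.*)$")
WEAK = {"admin", "domainadmin", "webmaster"}  # weak values named in the article
PROMPTS = {"Username:": "user", "Password:": "pass"}  # decoded 334 challenges

def b64_text(token):
    """Decode a Base64 token to text; None if it is not valid Base64/UTF-8."""
    try:
        return base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None

def find_weak_auth_logins(lines):
    """Flag logins whose password repeats the username (or its local part) or
    is in WEAK. Decoded passwords are never returned."""
    sessions, findings = {}, []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ip, sid, when, arrow, payload = m.groups()
        st = sessions.setdefault(sid, {"expect": None, "user": None})
        if arrow == ">>>":  # server line: a 334 challenge names the next client field
            st["expect"] = PROMPTS.get(b64_text(payload[4:])) if payload.startswith("334 ") else None
            continue
        expect, st["expect"] = st["expect"], None
        text = b64_text(payload)
        if expect == "user":
            st["user"] = text
        elif expect == "pass" and st["user"] and text is not None:
            user, pw = st["user"], text.lower()
            if pw in (user.lower(), user.split("@")[0].lower()) or pw in WEAK:
                findings.append({"session": sid, "ip": ip, "time": when, "user": user})
            st["user"] = None
    return findings

SAMPLE_LOG = """\
192.0.2.10 [0000036C] Fri, 14 Mar 2003 14:00:36 +0100 <<< AUTH LOGIN
192.0.2.10 [0000036C] Fri, 14 Mar 2003 14:00:36 +0100 >>> 334 VXNlcm5hbWU6
198.51.100.7 [000004A1] Fri, 14 Mar 2003 14:00:40 +0100 >>> 334 VXNlcm5hbWU6
192.0.2.10 [0000036C] Fri, 14 Mar 2003 14:00:47 +0100 <<< YWRtaW4=
198.51.100.7 [000004A1] Fri, 14 Mar 2003 14:00:47 +0100 <<< YWxpY2U=
192.0.2.10 [0000036C] Fri, 14 Mar 2003 14:00:47 +0100 >>> 334 UGFzc3dvcmQ6
198.51.100.7 [000004A1] Fri, 14 Mar 2003 14:00:48 +0100 >>> 334 UGFzc3dvcmQ6
198.51.100.7 [000004A1] Fri, 14 Mar 2003 14:00:50 +0100 <<< Q29ycmVjdEhvcnNl
192.0.2.10 [0000036C] Fri, 14 Mar 2003 14:00:52 +0100 <<< YWRtaW4=
""".splitlines()  # constructed sample: two interleaved sessions, documentation IPs
```

To scan a real log, pass an open file object to `find_weak_auth_logins`; each finding lists the session ID, source address, time and username only.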