Vulnerabilities of Kolab 3.4
Homer Dokes
hdokes at mail.inct.net
Thu Apr 25 18:40:13 CEST 2019
Greetings all,
Recently we have been experiencing a tremendous number of spam/malware
emails with origination addresses from our own Kolab server members.
Our Kolab server sits behind a firewall allowing only ports 587, 25,
8585 (for the gui interface) and 993 for through traffic.
What kind of vulnerabilities, if any, exist for a would be attacker to
extract email information from the server under these conditions. In a
few instances we have actually had 'threaded' email exchanges shown in
the body of the malware email making it look legit. What is accessible
on the Kolab server that would allow anyone to retrieve that information
through those ports? Our concern is that the damage is already done and
we are compromised.
Thank you,
hdokes
More information about the users
mailing list