I am using SquirrelMail version 1.4.8-21.el5.centos for webmail and one of my users when trying to send email via webmail it does not send using his real account but instead the is what his recipients will receive in their inbox;
Email address: Mrs.Lola Sanchez <info@Lola.com>
I am Mrs.Lola Sanchez,manager bills and exchange at the foreign remittance department of La_caixa bank Madrid.I have a business suggestion for you.It involve the transfer of($ 15.2 million US Dollar).if interested please reach me on(email@example.com) with more details of this operation.
Mrs Lola Sanchez.
However this does not happen when he is using Microsoft Outlook
You need to find where the malware is operating. Here are a few stuff to
verify (without any order):
- Is the end user's computer clean?
- Try to send out a message from another account, and from another
- (In case of Windows client) Reset the user's Windows profile;
- Don't you have a malicious SM plugin installed?
- Was your SM installation altered by a malware? Check files timestamps
and/or md5 sums.
- Install a new SM instance and ask the user to use it.
- (In case of Unix authentication) Is the user's Unix account healthy?