We have been receiving spam sent to specific addresses that are in our directory but not published on the internet. The same messages are additionally cc'd to multiple recipients within our domain, which may or may not be available on the web.
The spammers also use our users' usernames in addition to the email addresses.
Perhaps spammers have become more sophisticated at collating email addresses and usernames from different sources? Or perhaps our directory has somehow been compromised?
We use OSX Open Directory and have KC authenticate against it.
LDAP ports are blocked on the OD server to 3rd parties, and I know Kerio Connect does not allow anonymous LDAP searches. We force authentication against Open Directory.
I am not aware of the directory of a Kerio Connect server ever being compromised and I have no reason to suspect our Kerio server. I am just trying to post-rationalize how these problems could have occurred and would appreciate any comment.
[Updated on: Mon, 21 January 2013 21:06]
This sounds more like a compromised workstation, or a compromised third party email account with those email addresses in their address book.