Hello! I have a dedicated server using Centos 7.3 set up with Perfect Server for Centos 7.3 and using ispconfig 3. I installed roundcubemail as the How-To specifies and it works well. However, the RoundCubeMail version that is installed by yum is 1.1.9. As soon as I added a few sites, hackers found the installation and a way to use RoundCubemail to send spam. Bad news. Is there any way to upgrade the roundcubemail using yum? The latest version is 1.3.0 and there are security fixes. Thanks, Richard
After deeper investigation, it seems that one of the server's email client's login and password was sniffed out on his local computer. I am not sure that the spammer was using the roundcubemail installation although the spam was sent through 127.0.0.1/dovecot. I will close this and look at other options for upgrading roundcubemail should that become necessary. Thanks! Richard