
Re: STOPPING SPAM FROM COMPROMISED ACCOUNTS.

  • Wietse Venema
    Message 1 of 5 , Sep 21, 2013
      Homer Wilson Smith:
      >
      > I have an outgoing-only mail server for our customers called
      > smtp.lightlink.com. It only allows relaying from local IPs,
      > and known virtual domains if remote users wish to use it.
      >
      > We were fine when we were running pop before smtp authentication, but
      > I was forced to also allow SASL authentication.
      >
      > More and more people are having their passwords compromised, I have no
      > idea how it happens, one person had it compromised twice in one day after
      > I changed it the first time.
      >
      > There are no false tries on the user account, until the spam starts
      > coming in with the correct password, then it's 64,000 pieces of mail
      > forever and ever until I stop it.

      Use postfwd (www.postfdw.org) or the like to rate-limit mail clients.

      > So one, how are passwords being compromised without brute force
      > attacks showing up on the server?

      They compromise the mail client host and steal login credentials,
      or they phish the user, and make them give their login credentials
      to a rogue server.

      Wietse
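
A detection-side complement to the rate-limiting advice above, as an added example that is not part of the original thread and not postfwd's own code: it scans Postfix smtpd log lines for `sasl_username=` and flags accounts that submit more than a set number of messages within a sliding window. The function name, thresholds, host name and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Postfix smtpd logs one such line per message accepted from an authenticated client.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"[0-9A-Za-z]+: client=\S*\[(?P<ip>[^\]]+)\]"
    r".*\bsasl_username=(?P<user>[^,\s]+)"
)

# Constructed sample input (documentation IP ranges, hypothetical users).
SAMPLE_LOG = """\
Sep 21 19:00:01 smtp postfix/smtpd[2101]: 4A1B2C3D01: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice
Sep 21 19:00:02 smtp postfix/smtpd[2101]: 4A1B2C3D02: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice
Sep 21 19:00:03 smtp postfix/smtpd[2102]: 4A1B2C3D03: client=unknown[198.51.100.9], sasl_method=LOGIN, sasl_username=alice
Sep 21 19:00:40 smtp postfix/smtpd[2103]: 4A1B2C3D04: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=bob
Sep 21 19:01:10 smtp postfix/smtpd[2101]: 4A1B2C3D05: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice
Sep 21 19:01:30 smtp postfix/smtpd[2102]: 4A1B2C3D06: client=unknown[198.51.100.9], sasl_method=LOGIN, sasl_username=alice
Sep 21 19:05:00 smtp postfix/smtpd[2104]: 4A1B2C3D07: client=mail.example.net[192.0.2.25]
Sep 21 21:30:00 smtp postfix/smtpd[2105]: 4A1B2C3D08: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=bob
"""

def find_bursts(lines, limit=3, window=timedelta(minutes=10), year=2013):
    """Return {user: (peak_count, client_ips)} for accounts exceeding `limit`
    authenticated submissions inside any `window`. client_ips lists every
    address seen for that account; several is a sign of stolen credentials."""
    recent = defaultdict(deque)   # per-user timestamps still inside the window
    ips = defaultdict(set)
    peak = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:                 # connects, unauthenticated clients, other daemons
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        user, q = m["user"], recent[m["user"]]
        q.append(ts)
        ips[user].add(m["ip"])
        while ts - q[0] > window:
            q.popleft()
        if len(q) > limit:
            peak[user] = max(peak.get(user, 0), len(q))
    return {u: (n, sorted(ips[u])) for u, n in peak.items()}

if __name__ == "__main__":
    for user, (count, addrs) in find_bursts(SAMPLE_LOG.splitlines()).items():
        print(f"{user}: {count} messages in window from {', '.join(addrs)}")
```
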
    • John Hinton
      Message 2 of 5 , Sep 22, 2013
        On 9/21/2013 7:10 PM, Homer Wilson Smith wrote:
        >
        > I have an outgoing-only mail server for our customers called
        > smtp.lightlink.com. It only allows relaying from local IPs,
        > and known virtual domains if remote users wish to use it.
        >
        > We were fine when we were running pop before smtp authentication,
        > but I was forced to also allow SASL authentication.
        >
        > More and more people are having their passwords compromised, I
        > have no idea how it happens, one person had it compromised twice in
        > one day after I changed it the first time.
        >
        > There are no false tries on the user account, until the spam
        > starts coming in with the correct password, then it's 64,000 pieces of
        > mail forever and ever until I stop it.
        >
        > So one, how are passwords being compromised without brute force
        > attacks showing up on the server?
        >
        >
        I have had a few clients over the last few months that apparently had a
        key tracker virus on their systems. Same problem. Password stolen. Reset
        password... password stolen again in just a few hours. Customers removed
        viruses from computer. Problem stopped.

        --
        John Hinton
        877-777-1407 ext 502
        http://www.ew3d.com
        Comprehensive Online Solutions
      • LuKreme
        Message 3 of 5 , Sep 23, 2013
          On 21 Sep 2013, at 18:48 , Wietse Venema <wietse@...> wrote:
          > Use postfwd (www.postfdw.org) or the like to rate-limit mail clients.

          tyop, the url is http://www.postfwd.org

          (yes, it took me two tries to figure out what was wrong with it)

          --
          "Queen Isabella and King Ferdinand kicked 200,000 Jews out of Spain, one
          of the first acts of the Spanish Inquisition, which no one ever expects
          " -- John Carroll's 21st Annual Xmas Quiz answers