Re: STOPPING SPAM FROM COMPROMISED ACCOUNTS.
- On 9/21/2013 7:10 PM, Homer Wilson Smith wrote:
>I have had a few clients over the last few months that apparently had a
> I have an outgoing-only mail server for our customers called
> smtp.lightlink.com. It only allows relaying from local IP's,
> and known virtual domains if remote users wish to use it.
> We were fine when we were running pop before smtp authentication,
> but I was forced to also allow SASL authentication.
> More and more people are having their passwords compromised, I
> have no idea how it happens, one person had it compromised twice in
> one day after I changed it the first time.
> There are no false tries on the user account, until the spam
> starts coming in with the correct password, then its 64,000 pieces of
> mail forever and ever until I stop it.
> So one, how are passwords being compromised with out brute force
> attacks showing up on the server?
key tracker virus on their systems. Same problem. Password stolen. Reset
password... password stolen again in just a few hours. Customers removed
viruses from computer. Problem stopped.
877-777-1407 ext 502
Comprehensive Online Solutions
- On 21 Sep 2013, at 18:48 , Wietse Venema <wietse@...> wrote:
> Use postfwd (www.postfdw.org) or the like to rate-limit mail clients.tyop, the url is http://www.postfwd.org
(yes, it took me two tries to figure out what was wrong with it)
"Queen Isabella and King Ferdinand kicked 200,000 Jews out of Spain, one
of the first acts of the Spanish Inquisition, which no one ever expects
" -- John Carroll's 21st Annual Xmas Quiz answers