It doesn't matter how good your password is if you're using plaintext connections :)
Since every MUA I've used i nthe last few years supports SSL or TLS I should really get around to deprecating pop3 and imap and only using pop3s and imaps. This is especially imporant since some govts are trying to push through laws forcing ISP's to store all of the data each of their users downloads meaning that your unencrypted data will remain stored for however long is legislated with access by who knows how many people. \Clay On 2014-03-05 07:57, Tom Collins wrote: > The submission entries outside the US could very well be from hacked > accounts. > > I'm finding a surprising number of compromised accounts (once a week?), > including users with good passwords, so I have to assume they're snooped on > public wireless, or their computers are compromised by malware of some sort. > > The vckpw-smtp entries from outside the US are probably also hacked accounts, > since mail received from remote servers doesn't include authentication. Sorry > I wasn't thinking clearly in my previous response -- I forgot these were > vchkpw entries and are only related to authentication. I was thinking about > qmail logs. > > -Tom > > On Mar 4, 2014, at 10:43 PM, LHTek wrote: > > Thanks for the reply. > > NOTE: None of my users will have sent anything from outside the US. > > I've got some log entries for vchkpw-submission (marked as successful in the > log) with non-US IP's (Russia, Egypt, Honk Kong, etc). In my analysis I'm > marking those entries as hacked accounts. > > From what I read from your response, vchkpw-smtp (marked as successful in the > log) entries could be mail sent TO my server FROM another server on port 25. > That tells me those are probably safe submissions - even if they are from > overseas IPs. Am I thinking correctly? > > ------------------------- > FROM: Tom Collins <t...@tomlogic.com> > TO: vchkpw@inter7.com > SENT: Wednesday, March 5, 2014 12:02 AM > SUBJECT: Re: [vchkpw] Qmail maillog vchkpw-submission vs vchkpw-smtp > > vchkpw-submission is on port 587, and is typically used for emai clients > relaying mail. It's often set up to require authentication. > > vchkpw-smtp is on port 25, and can be used for email clients to relay mail, > or by other servers delivering mail to your server. > > -Tom > > On Mar 4, 2014, at 9:41 PM, LHTek wrote: > > In the /var/log/maillog file what is the difference between these 2 entries > (vchkpw-submission, vchkpw-smtp)? > > example: > Mar 4 17:27:03 michael vpopmail[14701]: vchkpw-submission: (PLAIN) login > success t...@domain.com:64.185.3.238 > Mar 4 10:54:42 michael vpopmail[29027]: vchkpw-smtp: (PLAIN) login success > t...@domain.com:64.57.239.114 !DSPAM:53171ca934269165765629!
