Most of our brute force password attacks are against our pop service
and some of our breaches are where gullible clients respond to various
claims about "give us your details or you will lose your account",
of which some recent spams were even branded with our domain name so
they would always look convincing to 1% or 2% of our clients.

Once the user's pop/imap details are uncovered then they are used to
access the smtp ports to send out authenticated mail. Now we notice
there is a recent tendency to send out very slowly from a large range
of IPs (a botnet, particularly from South America) so the obvious
pump and dump of yesteryear is not detected and can go on for weeks
until we manually notice suspicious behaviour in the mail logs. The
only good thing about this recent trend, to stealthily send out spam
at roughly the frequency of a human, is that it does not land us on a
blacklist.

Anyway, one thing that would help mitigate this is to have separate
passwords for pop, imap and smtp servers and maybe even different ones
for each port in use.

Just to be able to have two passwords, one for incoming mail and
a different one for outgoing mail, could make a difference so any
suggestions how to allow our clients to use different passwords for
the different courier-authdaemon family of services?

------------------------------------------------------------------------------
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
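
The slow, many-IP sending pattern described in the message above can be caught by counting distinct source networks per authenticated SMTP user over a sliding window, instead of counting message volume. This is an added example, not part of the original post and not Courier code; the log line format, `LINE_RE`, the thresholds and the sample entries are constructed assumptions to adapt to the real mail log.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed log format (an assumption): adapt LINE_RE to your real mail log.
LINE_RE = re.compile(r"^(\S+) smtp-auth user=(\S+) ip=(\S+)$")

# Constructed sample entries using documentation address ranges.
SAMPLE = """\
2024-03-01T09:00:00 smtp-auth user=alice ip=192.0.2.20
2024-03-01T21:30:00 smtp-auth user=bob ip=192.0.2.10
2024-03-02T08:45:00 smtp-auth user=alice ip=192.0.2.21
2024-03-02T17:10:00 smtp-auth user=bob ip=198.51.100.7
2024-03-03T14:05:00 smtp-auth user=bob ip=203.0.113.9
2024-03-04T10:20:00 smtp-auth user=alice ip=198.51.100.30
2024-03-04T11:40:00 smtp-auth user=bob ip=2001:db8:1::5
2024-03-05T19:55:00 smtp-auth user=bob ip=2001:db8:2::5
""".splitlines()

def parse(lines):
    """Yield (timestamp, user, source network) per authenticated submission."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        addr = ip_address(m.group(3))
        # Group by /24 (IPv4) or /48 (IPv6) so one site's address churn counts once.
        prefix = 24 if addr.version == 4 else 48
        yield (datetime.fromisoformat(m.group(1)), m.group(2),
               ip_network(f"{addr}/{prefix}", strict=False))

def flag_distributed_senders(lines, window=timedelta(days=7), max_networks=3):
    """Return {user: peak distinct networks in any window} above max_networks."""
    events = defaultdict(list)
    for ts, user, net in parse(lines):
        events[user].append((ts, net))
    flagged = {}
    for user, evs in events.items():
        evs.sort(key=lambda e: e[0])
        start = peak = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            peak = max(peak, len({net for _, net in evs[start:end + 1]}))
        if peak > max_networks:
            flagged[user] = peak
    return flagged

if __name__ == "__main__":
    print(flag_distributed_senders(SAMPLE))
```

A short window hides this pattern: with `window=timedelta(days=1)` the same sample flags nobody, which is why the window has to cover days or weeks.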
