On 2023-02-22 at 09:56:40 UTC-0500 (Wed, 22 Feb 2023 14:56:40 +0000)
Gellner, Oliver via mailop <oliver.gell...@dm.de>
is rumored to have said:
On 2023-02-22 15:08, Giovanni Bechis via mailop wrote:
I have also one more idea. Remember the old "POP-before-SMTP"
approach
from the times there was no SMTP AUTH yet? I have observed that the
password-cracking bots are heavily attacking submission services,
while relatively very rarely trying to login to IMAP service. On the
other hand, any regular email client first does IMAP login to get
the
mailbox index, and then after the user tries to send a message,
authenticates to submission service. So one might simply reject
*any*
password on submission service, if there is no recent successful
IMAP
login to the same account from the same IP address.
this would not work for me, on my servers ~6% of imap logins are from
bots.
Also you have to consider CGNAT scenarios and other setups where the
egress IP address of a user might change, which would cause
intermittent, unexplainable breaks when trying to send emails.
An issue with any OOB authentication tied to an IP. A compromised
Windows laptop behind a company-wide NAT has no problem mimicking the
other Windows laptops around it which are all using the same IP as
clients.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
