On 04/14/2010 11:18 AM, David Milholen wrote:
Eric Shubert wrote:
Jake Vickers wrote:
On 04/09/2010 05:26 PM, Eric Shubert wrote:
Jake Vickers wrote:
On 04/09/2010 11:25 AM, madmac wrote:
Is there then a way to secure squirrelmail, or any other webmail
prog.
This is a default install of qmail with the ISO.
Not having it is not an option, as most of the clients can only
use webmail as they are on the road daily.
Thanks
I use fail2ban to monitor for brute-force attacks. Works on pop3
as well.
fail2ban is good for brute-force attacks all right, but useless if
a password is sniffed. Best to be sure that no passwords travel the
internet in the clear.
True - I run everything using SSL myself.
I normally do not see too many passwords sniffed. I can provide gigs
worth of logs of brute force attempts. ;)
Yeah, I've only seen pw sniffed once.
Lots of "script kiddies" out there though. I shut off pop3 entirely,
and users use pop3-ssl. Haven't noticed any brute-force attacks on
IMAP, or SMTP for that matter (doesn't mean there haven't been any
though).
I am migrating everything over to ssl slowly but in oder to do a full
move without people noticing the pop up one time I need a fix on my
self signed cert so it doesnt pop up everytime I login.
I am looking into it but just havent had time to figure out what I
did wrong when I did the cert.
I did not try self-signed certs. I just paid the $10 and got a signed
cert (see the link on the wiki page).