On 2010-06-25 4:53 AM, GrayHat wrote:
> exactly my point; it doesn't make sense imHo allowing users to
> change their passwords w/o checking them and then reject the
> emails due to "weak passwords"; the password issue must be
> dealt with at mailserver level
I don't think Matti meant that these s
>> ASSP is much more then a spamfilter (as you should know).
>> It provides Mail Routing, SSL, Virusscanning, connection
>> shaping and lots more usefull functions.
> Surely the testing for weak passwords should be done at the
> point that the password is changed - not somewhere else later
>
On 24/06/10 15:44, Matti Haack wrote:
> ASSP is much more then a spamfilter (as you should know). It provides
> Mail Routing, SSL, Virusscanning, connection shaping and lots more usefull
> functions.
>
Surely the testing for weak passwords should be done at the point that
the password is chan
Hello Greyhat,
there is no way in the API to access Hmailserver passwords - and
hmailserver only stores hashes in it's DB.
Of course, it would be easy to change the Admin Script. But so we
would have a solution covering any MTA. On My system I never had an
issue with weak passwords
> BTW Greyhat, could you be so kind and tell me wich
> application can test for weak passwords in connection
> with hmailserver? It seems as you have great experience
> with some appliances who would manage this.
I think you'll have to look at the hMailServer "scripting"
the program expos
ASSP is much more then a spamfilter (as you should know). It provides
Mail Routing, SSL, Virusscanning, connection shaping and lots more usefull
functions.
On my machine, toasting coffe and cleaning up the room runs fine :)
But it would be great if it also checks for weak passwords.
I think thi
> Weak Passwords are in the top 10 reasons for relaying spam. So I fell
> this could be part of ASSP
No, sorry, assp is a SPAMFILTER not a way to allow brain-dead
admins to plug some kind of "silver bullet" on their network and
feel better just because "they installed something"; if you want
or n
Weak Passwords are in the top 10 reasons for relaying spam. So I fell
this could be part of ASSP
Matti
>>> Good idea, but why not just use cracklib or something that is already
>>> designed and well tested for something like this:
>>
>>> http://search.cpan.org/dist/Crypt-Cracklib/Cracklib.pm
>>
>> Good idea, but why not just use cracklib or something that is already
>> designed and well tested for something like this:
>
>> http://search.cpan.org/dist/Crypt-Cracklib/Cracklib.pm
> This would be helpful too.
Nope; I don't think so, see... ASSP is a *spamfilter* not some kind
of "universal
Hello Thomas,
> I still not understand, what this should be for!? The SMTP password (used
> in the AUTH command) are stored and checked at the MTA - why should assp
> check its weakness, if the MTA should do this at the time when it is
> specfied?
You are right. But many MTAs have no option t
eff: [Assp-test] Feature request: Weak Password Warning
Hello,
would it be possible to check incomming SMTP Passwords against a list
of regexes and send a warning to the logfile if matching?
Additionatly it would be good to check the PW not to be the user part
or a substring of the userpart of
On 2010-06-24 6:31 AM, Matti Haack wrote:
>> Good idea, but why not just use cracklib or something that is already
>> designed and well tested for something like this:
>>
>> http://search.cpan.org/dist/Crypt-Cracklib/Cracklib.pm
> This would be helpful too.
> But I think ASSP already includes lot
> Good idea, but why not just use cracklib or something that is already
> designed and well tested for something like this:
> http://search.cpan.org/dist/Crypt-Cracklib/Cracklib.pm
This would be helpful too.
But I think ASSP already includes lot of code to check regexes, so a
simple regex text
On 2010-06-24 6:08 AM, Matti Haack wrote:
> would it be possible to check incomming SMTP Passwords against a list
> of regexes and send a warning to the logfile if matching?
>
> Additionatly it would be good to check the PW not to be the user part
> or a substring of the userpart of the email ad
Hello,
would it be possible to check incomming SMTP Passwords against a list
of regexes and send a warning to the logfile if matching?
Additionatly it would be good to check the PW not to be the user part
or a substring of the userpart of the email adress and the domain name.
As many mailserv
15 matches
Mail list logo
