Re: BCP on throttling outbound mail

2012-07-25 Thread Ansgar Wiechers
On 2012-07-25 Mark Blackman wrote: > On 25 Jul 2012, at 10:09, Ansgar Wiechers wrote: >> Please re-read what I wrote, particularly the second half of it. Is >> "Joseph Zebediah Average 4/1/1999" really a strong password? > > It is a strong password, unless you believe attackers would regard > that

Re: BCP on throttling outbound mail

2012-07-25 Thread Stan Hoeppner
On 7/25/2012 4:09 AM, Ansgar Wiechers wrote: > Indeed there isn't much disagreement on what forms a strong password (in > principle). I do fail to see how this could be enforced on a technical > level, though. Use a plugin such as: http://www.html-form-guide.com/web-form-widget/web-form-password-

Re: BCP on throttling outbound mail

2012-07-25 Thread Stan Hoeppner
On 7/24/2012 6:24 PM, mouss wrote: > anvil is not an anti-spam solution. it's a measure against "clients gone > crazy". Precisely. And that's how I advised the OP to use it: Plug the artery until surgery can be performed. Surgery in this case being disabling the account and setting a strong passw

Re: BCP on throttling outbound mail

2012-07-25 Thread Mark Blackman
On 25 Jul 2012, at 10:09, Ansgar Wiechers wrote: > Mark, > > > Please re-read what I wrote, particularly the second half of it. Is > "Joseph Zebediah Average 4/1/1999" really a strong password? It is a strong password, unless you believe attackers would regard that format as a promising format

Re: BCP on throttling outbound mail

2012-07-25 Thread Ansgar Wiechers
Mark, On 2012-07-25 Mark Blackman wrote: > On 25 Jul 2012, at 08:20, Ansgar Wiechers wrote: >> On 2012-07-25 mouss wrote: >>> oh come on! the "users" excuse is way too old. if your software accepts >>> weak passwords, then the problem is with the software, not the user. >> >> I'd have to disagree

Re: BCP on throttling outbound mail

2012-07-25 Thread Mark Blackman
On 25 Jul 2012, at 08:20, Ansgar Wiechers wrote: > On 2012-07-25 mouss wrote: >> On 24/07/2012 08:37, Stan Hoeppner wrote: >>> You'd think human beings would be smart enough to follow directions >>> and use strong passwords, AV software, etc, and not fall for phishing >>> scams. Your adversar

Re: BCP on throttling outbound mail

2012-07-25 Thread Ansgar Wiechers
On 2012-07-25 mouss wrote: > On 24/07/2012 08:37, Stan Hoeppner wrote: >> You'd think human beings would be smart enough to follow directions >> and use strong passwords, AV software, etc, and not fall for phishing >> scams. Your adversary in this war isn't the spammers, it's not the >> technol

Re: BCP on throttling outbound mail

2012-07-24 Thread mouss
On 24/07/2012 08:37, Stan Hoeppner wrote: > On 7/24/2012 12:44 AM, CSS wrote: >> >> On Jul 24, 2012, at 1:24 AM, Stan Hoeppner wrote: >> >>> On 7/23/2012 4:16 PM, CSS wrote: >>> I'd like to take some measures to limit what an authenticated sender can do but not limit legitimate use. >

Re: BCP on throttling outbound mail

2012-07-24 Thread CSS
On Jul 24, 2012, at 6:23 AM, Len Conrad wrote: > At 04:16 PM 7/23/2012, you wrote: >> Hello, >> >> Sorry for the broad question, but is there any sort of best common practice >> these days regarding limiting outbound email? We recently had a customer's >> account compromised (not sure if it wa

Re: BCP on throttling outbound mail

2012-07-24 Thread Wietse Venema
Len Conrad: > I've been using postfwd.org for rate-limiting outbound senders, > and inbound senders and IPs, plus lots of other inbound filtering, > for 2+ years. It killed our horrible problem of cracked passwords. I think that dedicated tools such as postfwd and the like are the way to go. Th

Re: BCP on throttling outbound mail

2012-07-24 Thread Len Conrad
At 04:16 PM 7/23/2012, you wrote: >Hello, > >Sorry for the broad question, but is there any sort of best common practice >these days regarding limiting outbound email? We recently had a customer's >account compromised (not sure if it was brute-forced or keylogged) and then >the perp proceeded t

Re: BCP on throttling outbound mail

2012-07-24 Thread Stan Hoeppner
On 7/24/2012 2:08 AM, CSS wrote: > Perhaps I'm misunderstanding this, but I was under the impression that the > anvil limits were all enforced on a per-connection or per-IP limit. I'm > really after something that can track a particular sasl-authenticated user > and punish them (and not other

Re: BCP on throttling outbound mail

2012-07-24 Thread CSS
On Jul 24, 2012, at 2:37 AM, Stan Hoeppner wrote: > On 7/24/2012 12:44 AM, CSS wrote: >> >> On Jul 24, 2012, at 1:24 AM, Stan Hoeppner wrote: >> >>> On 7/23/2012 4:16 PM, CSS wrote: >>> I'd like to take some measures to limit what an authenticated sender can do but not limit legitim

Re: BCP on throttling outbound mail

2012-07-23 Thread Stan Hoeppner
On 7/24/2012 12:44 AM, CSS wrote: > > On Jul 24, 2012, at 1:24 AM, Stan Hoeppner wrote: > >> On 7/23/2012 4:16 PM, CSS wrote: >> >>> I'd like to take some measures to limit what an authenticated sender can do >>> but not limit legitimate use. >> >> See: >> http://www.postfix.org/postconf.5.html#

Re: BCP on throttling outbound mail

2012-07-23 Thread CSS
On Jul 24, 2012, at 1:24 AM, Stan Hoeppner wrote: > On 7/23/2012 4:16 PM, CSS wrote: > >> I'd like to take some measures to limit what an authenticated sender can do >> but not limit legitimate use. > > See: > http://www.postfix.org/postconf.5.html#smtpd_client_connection_rate_limit > > You w

Re: BCP on throttling outbound mail

2012-07-23 Thread Stan Hoeppner
On 7/23/2012 4:16 PM, CSS wrote: > I'd like to take some measures to limit what an authenticated sender can do > but not limit legitimate use. See: http://www.postfix.org/postconf.5.html#smtpd_client_connection_rate_limit You would apply this to your submission service, eg: 587 inet n

BCP on throttling outbound mail

2012-07-23 Thread CSS
Hello, Sorry for the broad question, but is there any sort of best common practice these days regarding limiting outbound email? We recently had a customer's account compromised (not sure if it was brute-forced or keylogged) and then the perp proceeded to use their credentials to smtp-auth the