PaulDotCom mailing list archives
SMTP auth attacks
From: ali.emirlioglu at gmail.com (Ali Emirlioglu)
Date: Fri, 11 Sep 2009 14:35:51 +1000
Hey everyone,

I work at an ISP and we constantly have issues with SMTP Auth attacks where spammers use correct customer credentials to use our mail servers as a relay (closed relay? is there such a thing?).

So far we have tried the following:

* User education (insert delirious laughter) - seriously, this seems to never work.
* Force strong passwords - this doesn't work for customers answering phishing emails for their username/password
* IP restrictions - this causes lots of complaints as customers travel and want to still use SMTP
* Outgoing message limits on authenticated user - it only seems to take a handful of annoyed users to be blocked from places like Hotmail/Yahoo so this doesn't work.

There are no brute force attempts on our servers as the attackers have figured out that our customer base is, to put it lightly, non-techies who reply to any email that asks for their password.

Also should mention we are using Debian servers with Postfix for SMTP.

The problem basically is that by the time our mailq alarms

Does anyone have any ideas or wants to mention something that I've missed? Google-fu pretty much tells me to turn SMTP Auth off but unfortunately this isn't an option.

Cheers,
Ali
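Added example, not part of the original post: one way to catch abuse of valid credentials earlier than a mail queue alarm is to watch the Postfix smtpd log for a single SASL username submitting from several client IPs, or submitting many messages, inside a short window. It assumes the standard smtpd "client=..., sasl_method=..., sasl_username=..." log line; the thresholds, the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Postfix smtpd writes one such line per authenticated message submission.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/(?:\w+/)?smtpd\[\d+\]: "
    r"(?P<qid>[0-9A-F]+): client=\S*\[(?P<ip>[^\]]+)\], "
    r".*?sasl_username=(?P<user>\S+)"
)

# Constructed sample log (documentation-range IPs, example.net accounts).
SAMPLE_LOG = """\
Sep 11 14:00:01 mx1 postfix/smtpd[2101]: 3F2A1C0011: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=alice@example.net
Sep 11 14:01:10 mx1 postfix/smtpd[2102]: 4A7B2C0012: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=bob@example.net
Sep 11 14:02:15 mx1 postfix/smtpd[2103]: 5C8D3C0013: client=unknown[192.0.2.44], sasl_method=PLAIN, sasl_username=bob@example.net
Sep 11 14:03:20 mx1 postfix/smtpd[2104]: 6D9E4C0014: client=unknown[198.51.100.99], sasl_method=PLAIN, sasl_username=bob@example.net
Sep 11 14:04:30 mx1 postfix/smtpd[2105]: 7EAF5C0015: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=alice@example.net
"""

def parse(lines, year=2009):
    """Yield (timestamp, user, ip) per authenticated submission (syslog has no year)."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"].lower(), m["ip"]

def flag_accounts(lines, window=timedelta(minutes=10), max_ips=2, max_msgs=5):
    """Return {user: reason} for accounts over a (hypothetical) threshold in any window."""
    events = defaultdict(list)
    for ts, user, ip in parse(lines):
        events[user].append((ts, ip))
    flagged = {}
    for user, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window start forward
            span = evs[start:end + 1]
            ips = {ip for _, ip in span}
            if len(ips) > max_ips:
                flagged[user] = f"{len(ips)} client IPs within {window}"
                break
            if len(span) > max_msgs:
                flagged[user] = f"{len(span)} messages within {window}"
                break
    return flagged
```

Calling flag_accounts(SAMPLE_LOG.splitlines()) flags only bob@example.net, whose three submissions arrive from three different addresses in about two minutes.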