PaulDotCom mailing list archives
SMTP auth attacks
From: rd at rd1.net (Ralph Durkee)
Date: Fri, 11 Sep 2009 10:38:16 -0400 (EDT)
Ouch! Sounds like a good challenge. My first though is to make the problem a bit easier is to go back to the IP Restrictions and find a different solution for the traveling customers. So that the at home users use are authenticated by IP + password, and the travelers are authenticated by password + something. Lots of options for the +something of course, installing certificates and using an web based email or ssl vpn. --Ralph
Hey everyone, I work at an ISP and we constantly have issues with SMTP Auth attacks where spammer's use correct customer credentials to use our mail servers as relay (closed relay? is there such a thing?). So far we have tried the following: * User education (insert delirious laughter) - seriously, this seems to never work. * Force strong passwords - this doesn't work for customers answering phishing emails for their username/password * IP restrictions - this causes lots of complaints as customers travel and want to still use SMTP * Outgoing message limits on authenticated user - it only seems to takes a handful of annoyed users to be blocked from places like Hotmail/Yahoo so this doesn't work. There are no brute force attempts on our servers as the attackers have figured out that our customer base is to put it lightly, non-techies who reply to any email that asks for their password. Also should mention we are using Debian servers with Postfix for SMTP. The problem basically is that by the time our mailq alarms Does anyone have any ideas or wants to mention something that I've missed? Google-fu pretty much tells me to turn SMTP Auth off but unfortunately this isn't an option. Cheers, Ali _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- SMTP auth attacks Ali Emirlioglu (Sep 10)
- SMTP auth attacks Ralph Durkee (Sep 11)