Educause Security Discussion mailing list archives
Re: Compromise Email Accounts
From: "Sabo, Eric" <Eric.Sabo () CUP EDU>
Date: Thu, 29 Jan 2009 20:15:33 -0500
We are seeing this also. How is everyone handling this?

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Russell Fulton
Sent: Thursday, January 29, 2009 7:20 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Compromise Email Accounts

On 22/01/2009, at 3:59 AM, Richard Miller wrote:

Detection
---------
- Monitor queue lengths.
- What else can be monitored?

I have some Ruby code that attempts to detect spam runs from local addresses by monitoring Postfix logs on our outgoing mail servers. Currently I have tested/tuned it on historical data but have not run it 'live' and wired into Nagios and scripts that will block email based on From: headers. Current idea is to send back a non-fatal 450.

We have not had many compromised accounts (3 in the last 12 months) but the most recent was an account on an Exchange server rather than our Horde system which I already had monitored. So I decided to move the monitoring to the gateway.

Russell.
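
A gateway-side check of the kind described in the quoted message, as an added example; it is not Russell Fulton's code, which was not posted. It counts recipients per local envelope sender over a sliding window of Postfix qmgr log lines; the domain, thresholds, year and log lines are constructed assumptions.

```ruby
require 'time'

# Constructed sample of Postfix qmgr lines (not real data). Carol's message is
# deferred and re-enters the active queue, so its queue ID is logged twice.
SAMPLE_LOG = <<~LOG
  Jan 29 19:00:01 mx1 postfix/qmgr[2143]: 1A2B3C4D01: from=<alice@example.edu>, size=2310, nrcpt=1 (queue active)
  Jan 29 19:00:10 mx1 postfix/qmgr[2143]: 1A2B3C4D02: from=<bob@example.edu>, size=4100, nrcpt=50 (queue active)
  Jan 29 19:00:30 mx1 postfix/qmgr[2143]: 1A2B3C4D03: from=<carol@example.edu>, size=900, nrcpt=60 (queue active)
  Jan 29 19:01:00 mx1 postfix/qmgr[2143]: 1A2B3C4D04: from=<bob@example.edu>, size=4100, nrcpt=50 (queue active)
  Jan 29 19:01:20 mx1 postfix/qmgr[2143]: 1A2B3C4D05: from=<news@example.org>, size=7000, nrcpt=200 (queue active)
  Jan 29 19:02:00 mx1 postfix/qmgr[2143]: 1A2B3C4D06: from=<bob@example.edu>, size=4100, nrcpt=50 (queue active)
  Jan 29 19:05:30 mx1 postfix/qmgr[2143]: 1A2B3C4D03: from=<carol@example.edu>, size=900, nrcpt=60 (queue active)
  Jan 29 19:06:00 mx1 postfix/qmgr[2143]: 1A2B3C4D07: from=<alice@example.edu>, size=1200, nrcpt=1 (queue active)
LOG

QMGR = %r{^(\w{3}\s+\d+ [\d:]{8}) \S+ postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>, size=\d+, nrcpt=(\d+)}

# Returns {sender => peak recipients in any window} for local senders whose
# peak exceeds `limit`. Thresholds and `year` (syslog omits it) are assumptions.
def spam_run_senders(log, local_domain:, window: 600, limit: 100, year: 2009)
  seen = {}                                   # queue IDs already counted
  events = Hash.new { |h, k| h[k] = [] }      # sender => [[time, nrcpt], ...]
  log.each_line do |line|
    m = QMGR.match(line) or next
    stamp, qid, sender, nrcpt = m.captures
    sender = sender.downcase
    next unless sender.end_with?("@#{local_domain}")
    next if seen[qid]                         # skip re-activated deferred mail
    seen[qid] = true
    events[sender] << [Time.strptime("#{year} #{stamp}", '%Y %b %d %H:%M:%S'), nrcpt.to_i]
  end
  events.each_with_object({}) do |(sender, evs), flagged|
    evs.sort_by!(&:first)
    first = total = peak = 0
    evs.each do |ts, n|
      total += n
      while ts - evs[first][0] > window       # slide the window forward
        total -= evs[first][1]
        first += 1
      end
      peak = total if total > peak
    end
    flagged[sender] = peak if peak > limit
  end
end

puts spam_run_senders(SAMPLE_LOG, local_domain: 'example.edu').inspect
```

Short Postfix queue IDs can be reused over time, so a long-running monitor should drop an ID from `seen` once qmgr logs it as `removed`.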