PaulDotCom mailing list archives

SMTP auth attacks


From: ali.emirlioglu at gmail.com (Ali Emirlioglu)
Date: Fri, 11 Sep 2009 14:35:51 +1000

Hey everyone,

I work at an ISP and we constantly have issues with SMTP Auth attacks where
spammers use correct customer credentials to use our mail servers as relay
(closed relay? is there such a thing?). So far we have tried the following:

* User education (insert delirious laughter) - seriously, this seems to
never work.
* Force strong passwords - this doesn't work for customers answering
phishing emails for their username/password
* IP restrictions - this causes lots of complaints as customers travel and
want to still use SMTP
* Outgoing message limits on authenticated user - it only seems to take a
handful of annoyed users to be blocked from places like Hotmail/Yahoo so
this doesn't work.

There are no brute force attempts on our servers as the attackers have
figured out that our customer base is, to put it lightly, non-techies who
reply to any email that asks for their password. Also should mention we are
using Debian servers with Postfix for SMTP.

The problem basically is that by the time our mailq alarms

Does anyone have any ideas or wants to mention something that I've missed?
Google-fu pretty much tells me to turn SMTP Auth off but unfortunately this
isn't an option.

Cheers,
Ali
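An added example, not from Ali's post and not part of Postfix: a small detector that reads Postfix smtpd log lines recording successful SMTP AUTH and flags any sasl_username used from more than a handful of distinct client addresses within an hour, which is the pattern a phished credential in a spam kit produces and a travelling customer usually does not. The log lines are constructed for the example; the window and IP threshold are assumptions to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime

# Postfix smtpd logs sasl_method/sasl_username only once the client
# has authenticated, so this line is the record of each SMTP AUTH session.
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: \w+: "
    r"client=\S+\[(?P<ip>[\d.]+)\], sasl_method=\w+, sasl_username=(?P<user>\S+)"
)

# Constructed sample log: alice's credential is used from four addresses in
# three minutes; bob logs in twice from two addresses ninety minutes apart.
SAMPLE_LOG = """\
Sep 11 09:00:01 mx1 postfix/smtpd[4101]: 1B0A2C: client=unknown[203.0.113.5], sasl_method=PLAIN, sasl_username=alice@example.net
Sep 11 09:00:09 mx1 postfix/smtpd[4102]: 1B0A2D: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=alice@example.net
Sep 11 09:01:15 mx1 postfix/smtpd[4103]: 1B0A2E: client=unknown[192.0.2.33], sasl_method=LOGIN, sasl_username=alice@example.net
Sep 11 09:02:44 mx1 postfix/smtpd[4104]: 1B0A2F: client=unknown[198.51.100.88], sasl_method=PLAIN, sasl_username=alice@example.net
Sep 11 09:03:00 mx1 postfix/smtpd[4105]: 1B0A30: client=unknown[203.0.113.9], sasl_method=PLAIN, sasl_username=bob@example.net
Sep 11 09:05:00 mx1 postfix/smtpd[4107]: 1B0A32: disconnect from unknown[203.0.113.9]
Sep 11 10:30:00 mx1 postfix/smtpd[4106]: 1B0A31: client=unknown[203.0.113.10], sasl_method=PLAIN, sasl_username=bob@example.net
""".splitlines()

def parse_auth_events(lines, year=2009):
    """Yield (timestamp, username, client_ip) for each authenticated session.
    Syslog timestamps carry no year, so the caller supplies it."""
    for line in lines:
        m = AUTH_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]

def find_shared_accounts(events, window_minutes=60, max_ips=3):
    """Return {username: sorted distinct IPs} for every account that
    authenticated from more than max_ips addresses inside one window.
    Thresholds are assumptions; tune them against your own customers."""
    by_user = defaultdict(list)
    for ts, user, ip in events:
        by_user[user].append((ts, ip))
    flagged = {}
    for user, seen in by_user.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            limit = window_minutes * 60
            ips = {ip for ts, ip in seen[i:] if (ts - start).total_seconds() <= limit}
            if len(ips) > max_ips:
                flagged[user] = sorted(ips)
                break
    return flagged
```

Feeding this a tail of mail.log from a cron job and disabling the flagged account (or rate-limiting it in Postfix) gives an alarm keyed on the credential rather than on the queue filling up.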