Andrew McGlashan:
> On 13/10/2015 7:15 PM, Jochen Spieker wrote:
>>
>> Stuart Longland: I had a similar case on my self-administered mail
>> host. A friend of mine has an account there and random hosts from
>> all over the world used his credentials to send legitimate-looking
>> spam. We never found out how this happened but changing the
>> password was enough to make it stop.
>
> Odds on it was open WiFi somewhere, people trust public WiFi

My services do not allow him to send the password unencrypted, be it over SMTP, IMAP or HTTP. So even if he had used an insecure network, someone would still have had to MITM the TLS connections in order to capture the password. I am not completely sure whether he would have noticed that, but I do think so. And he said he didn't use this password anywhere else.

Given that information, one probably has to assume that one of his machines is infected.

J.
-- 
I often play sports / do exercise.
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>
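
One way to verify the "no unencrypted passwords" property described in the message above, as an added example that is not part of the original thread: a Python check over capability banners captured before STARTTLS on the SMTP submission and IMAP ports. The banners and the host name `mail.example.org` are constructed sample data, and the function names are hypothetical.

```python
import re

# SASL mechanisms that send the password itself (only encoded) to the server.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

def smtp_auth_mechs(ehlo_reply: str) -> set:
    """SASL mechanisms advertised in an SMTP EHLO reply."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        # Matches "250-AUTH PLAIN LOGIN" and the legacy "250-AUTH=PLAIN LOGIN".
        m = re.match(r"250[- ]AUTH[ =](.*)", line.strip(), re.I)
        if m:
            mechs.update(m.group(1).upper().split())
    return mechs

def imap_caps(banner: str) -> set:
    """Capabilities from an IMAP greeting or an untagged CAPABILITY response."""
    m = re.search(r"CAPABILITY ([^\]\r\n]*)", banner, re.I)
    return set(m.group(1).upper().split()) if m else set()

def audit(smtp_pre_tls: str, imap_pre_tls: str) -> list:
    """Findings for banners captured before STARTTLS; an empty list is a pass."""
    findings = []
    exposed = smtp_auth_mechs(smtp_pre_tls) & PLAINTEXT_MECHS
    if exposed:
        findings.append("smtp: AUTH " + "/".join(sorted(exposed))
                        + " offered before STARTTLS")
    if not re.search(r"^250[- ]STARTTLS\s*$", smtp_pre_tls, re.I | re.M):
        findings.append("smtp: STARTTLS not offered")
    caps = imap_caps(imap_pre_tls)
    if "LOGINDISABLED" not in caps:
        findings.append("imap: LOGIN allowed before STARTTLS")
    if {"AUTH=" + mech for mech in PLAINTEXT_MECHS} & caps:
        findings.append("imap: plaintext SASL offered before STARTTLS")
    return findings

# Constructed sample banners (not taken from any real server).
STRICT_SMTP = "250-mail.example.org\n250-PIPELINING\n250-STARTTLS\n250 8BITMIME"
LAX_SMTP = "250-mail.example.org\n250-STARTTLS\n250-AUTH PLAIN LOGIN\n250 8BITMIME"
STRICT_IMAP = "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready"
LAX_IMAP = "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN"

if __name__ == "__main__":
    print(audit(STRICT_SMTP, STRICT_IMAP))
    print(audit(LAX_SMTP, LAX_IMAP))
```

A clean result here only covers the server side; it says nothing about whether a client accepted a forged certificate or whether the password was taken from an endpoint.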