Sorry for this OT post .. but I think this is a common problem for all postfix admins
We run smtp services for our clients using smtp-auth. And nowadays we also enforce a strong password (minimum alphanumeric) But still people's passwords get compromised. Even a relatively strong password. To save our postfix servers I have implemented rate-limits , and outgoing spam scanning. We identify the accounts quickly and change the passwords , but in the end we have a frustrated client whose genuine mails are not going because of a compromised account. How do spammers get these passwords ?? Thanks Ram
