ram wrote:
Sorry for this OT post .. but I think this is a common problem for all
postfix admins
We run smtp services for our clients using smtp-auth. And nowadays we
also enforce a strong password (minimum alphanumeric)
But still people's passwords get compromised. Even a relatively strong
password. To save our postfix servers I have implemented rate-limits ,
and outgoing spam scanning.
We identify the accounts quickly and change the passwords , but in the
end we have a frustrated client whose genuine mails are not going
because of a compromised account.
How do spammers get these passwords ??
Easy: think of windows worms who steal passwords from the client machines...
/mjt
