Hello,

Just out of curiosity, how do you let your users change their passwords?

2009/7/18 Charles Sprickman <sp...@bway.net>:
> On Sat, 18 Jul 2009, ram wrote:
>
>> We run smtp services for our clients using smtp-auth. And nowadays we
>> also enforce a strong password (minimum alphanumeric)
>> But still people's passwords get compromised. Even a relatively strong
>> password. To save our postfix servers I have implemented rate-limits,
>> and outgoing spam scanning.
>> [...]
>> How do spammers get these passwords??
>
> I see our users hit with phishing attempts every few months, and the pattern
> seems to be that once one phishing attempt hits, there's a few more in the
> same week. Usually shortly thereafter we find at least one account that is
> being abused either at the smtp or webmail level to spew spam.
>
> Oddly enough, the "quality" of the phish does not seem to change the numbers
> - the truly ridiculous ones that are written in broken English and have
> quite farcical return addresses seem to work as well as the more carefully
> forged ones. Each time we block the reply address(es) and send a warning
> message stating again that we "will never ask you for your password". Yet
> each time someone falls for it...
>
> Charles
>
>>
>> Thanks
>> Ram
>>

--
Regards,
Damian Myerscough