On Wed, May 19, 2010 at 07:03:12AM -0400, Charles Marcus wrote:
> On 2010-05-19 6:33 AM, Stan Hoeppner wrote:
> > Then just delete the 20K messages from the queue using postsuper
> > within a script and reset the password on the compromised account.
>
> He wasn't asking how to delete the queued messages, he was looking for a
> way to limit the damage if a user account gets compromised in the future
> (this subject has come up before), and rate-limiting is one way to do
> that. Enforcing strong passwords is another.

With replies to phishing attempts and keyboard/password sniffers, limiting the damage is often the first step and can also be used to help identify the compromised accounts. Strong passwords do not help in these situations.

Cheers, Ken
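
An added example, not part of the original thread: a minimal sketch of how per-account sending volume can point to a compromised account, by counting authenticated submissions per `sasl_username` in Postfix smtpd log lines over a sliding window. The function name, the limit and the 10-minute window are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Postfix smtpd logs one such line per message accepted over authenticated SMTP.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/\S*smtpd\[\d+\]:\s"
    r"(?P<qid>[0-9A-F]+):\sclient=\S+,.*\bsasl_username=(?P<user>[^,\s]+)"
)

def flag_heavy_senders(lines, limit, window=timedelta(minutes=10), year=2010):
    """Return {sasl_username: [queue IDs seen]} for every account that
    submitted more than `limit` messages inside any sliding `window`.
    Syslog timestamps carry no year, so the caller supplies one."""
    recent = defaultdict(deque)   # user -> timestamps still inside the window
    qids = defaultdict(list)      # user -> queue IDs, for review or cleanup
    flagged = set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # not an authenticated-submission line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        user = m["user"]
        qids[user].append(m["qid"])
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:  # drop submissions older than the window
            q.popleft()
        if len(q) > limit:
            flagged.add(user)
    return {u: qids[u] for u in sorted(flagged)}

# Constructed sample: "bob" sends six messages in one minute, "alice" two in a morning.
SAMPLE = [
    f"May 19 06:00:{s:02d} mail postfix/smtpd[4242]: {0xA1B2C0 + s:06X}: "
    "client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=bob"
    for s in range(0, 60, 10)
] + [
    "May 19 06:05:00 mail postfix/smtpd[4243]: C0FFEE: "
    "client=host[198.51.100.9], sasl_method=PLAIN, sasl_username=alice",
    "May 19 09:30:00 mail postfix/submission/smtpd[4250]: DEAD01: "
    "client=host[198.51.100.9], sasl_method=PLAIN, sasl_username=alice",
    "May 19 09:31:00 mail postfix/qmgr[900]: DEAD01: removed",
]

if __name__ == "__main__":
    for user, ids in flag_heavy_senders(SAMPLE, limit=5).items():
        print(f"{user}: {len(ids)} messages, queue IDs {' '.join(ids)}")
```

The queue IDs returned for a flagged account are the values `postsuper -d` takes when the queued messages are deleted.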