On Thu, 24 Jun 2010 20:41:59 Stan Hoeppner wrote: > Michael put forth on 6/24/2010 3:07 AM: > > I want to be able to monitor SASL users to get quick notification if > > something is out of the ordinary - like a spammer using a compromised > > account to send emails. > > > > What tool(s) can be used to achieve this? > > Given the nature of your requirement, you're probably not going to find a > Postfix tool or set of tools that will "notify" you when an account has > been hijacked. How would software be able to determine when a user > password has been phished?
What happens in these instances is the spammers start sending *lots* of email, and it was on this basis I wanted to sound an alarm. > feedback loops at the major (free)mailers and ISPs. If brute force attacks > against weak passwords is the problem, there are well documented methods > for dealing with that, such as a fail2ban implementation. There is a system already in place to lockout where the password is incorrect. Unfortunately users are sometimes stupid and through social engineering they part with the details.
