On 24/4/2011 5:09 AM, Evan Platt wrote:
Enforce a better password policy - our work password policy is minimum
My 2c: Check your server logs to see if someone found some password(s) by brute-force (you'll see multiple failed logins).

* If yes, enforce a strict password policy as suggested and use e.g. fail2ban to stop brute-force attacks.

* If not, some of your users either use your system to spam or they have leaked (intentionally or unintentionally) their login info to some spammer. A strict (but fair) policy is to ban accounts that spam (because if someone's account is spamming, the user concerned is held liable), until at least the user concerned demonstrates that he/she has undergone a thorough check of their systems (used to send mail) for viruses/malware and that they adhere to the network (incl. mail) acceptable use policy (which must exist and be observed).

In any case, any user/organization offering public webmail and/or SASL-authenticated remote smtp login MUST use strict password policies AND enforce brute-force blocks (using fail2ban and/or other similar custom or standard scripts / plugins etc.).
In each case the problem is to find HOW they gained access to your system, and you MUST find the cause, to be able to effectively manage your server(s).
Cheers, Nick
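The log check Nick describes, as an added example that is not part of the thread: it counts SASL authentication failures per client IP in Postfix smtpd log lines (the same pattern fail2ban's postfix-sasl filter keys on) and reports any account that then authenticated successfully from an IP that had already exceeded the failure threshold, i.e. a password that was probably guessed. The log lines and the threshold of 5 are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample log in Postfix smtpd format (not taken from the thread).
# 203.0.113.45 fails five times and then logs in as "alice";
# 198.51.100.7 fails once (a typo) and then logs in as "bob".
SAMPLE_LOG = """\
Apr 24 05:01:12 mx postfix/smtpd[4021]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: authentication failure
Apr 24 05:01:13 mx postfix/smtpd[4021]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: authentication failure
Apr 24 05:01:15 mx postfix/smtpd[4021]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: authentication failure
Apr 24 05:01:18 mx postfix/smtpd[4021]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: authentication failure
Apr 24 05:01:20 mx postfix/smtpd[4021]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: authentication failure
Apr 24 05:01:25 mx postfix/smtpd[4021]: 1A2B3C4D5E: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=alice
Apr 24 05:02:40 mx postfix/smtpd[4022]: warning: host.example.net[198.51.100.7]: SASL PLAIN authentication failed: authentication failure
Apr 24 05:02:50 mx postfix/smtpd[4022]: 6F7A8B9C0D: client=host.example.net[198.51.100.7], sasl_method=PLAIN, sasl_username=bob
"""

# A failed SASL login, logged as a warning with the client IP in brackets.
FAIL_RE = re.compile(r"warning: \S+\[(?P<ip>[\d.]+)\]: SASL \w+ authentication failed")
# A successful SASL login, logged on the queue-id line with the username.
OK_RE = re.compile(r"client=\S+\[(?P<ip>[\d.]+)\], sasl_method=\w+, sasl_username=(?P<user>\S+)")


def analyse(log_text, threshold=5):
    """Return (brute_force_ips, guessed_accounts).

    brute_force_ips  : {ip: failure_count} for IPs with >= threshold failures
    guessed_accounts : {username: ip} for logins that succeeded from an IP
                       that had already reached the threshold (likely guessed)
    """
    failures = defaultdict(int)
    guessed = {}
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if m:
            failures[m.group("ip")] += 1
            continue
        m = OK_RE.search(line)
        if m and failures.get(m.group("ip"), 0) >= threshold:
            guessed[m.group("user")] = m.group("ip")
    brute = {ip: n for ip, n in failures.items() if n >= threshold}
    return brute, guessed


if __name__ == "__main__":
    brute, guessed = analyse(SAMPLE_LOG)
    print("brute-force sources:", brute)      # {'203.0.113.45': 5}
    print("accounts to reset/ban:", guessed)  # {'alice': '203.0.113.45'}
```

Accounts in the second dict are the ones to lock and reset; the IPs in the first are what a fail2ban jail would already have blocked before the successful login happened.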