On 11/8/2011 1:13 AM, Geert Mak wrote:
> We had a user account hacked (weak password) and our SMTP server was used for
> sending spam. We discovered it after our mail server IP began to show up in
> RBLs. We improved the passwords; however, the question is how best to watch
> the server in case a similar thing happens again.
1. Create and enforce a minimum password complexity policy, preferably on your
web-based account creation page, something like:
http://www.webresourcesdepot.com/10-password-strength-meter-scripts-for-a-better-registration-interface/

2. Install/configure http://www.policyd.org/

Create an outbound policy limiting users to 30 messages/hour, or one message
every 2 minutes. This will mitigate the damage the next time an account is
hijacked. Season to taste.

-- 
Stan
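The per-account outbound rate limit that Stan suggests in point 2 can also be
implemented directly against the Postfix SMTPD policy delegation protocol, which
is what policyd itself speaks. The following is an added example written for this
page, not policyd's code or configuration and not anything from the original
thread: a small policy daemon that keeps a sliding one-hour window of accepted
messages per `sasl_username` and answers `DEFER_IF_PERMIT` once a user passes 30
messages in that window. The listening port (10031), the 30/3600 numbers and the
constructed request in the comments are assumptions chosen for illustration;
hooking it up via `smtpd_end_of_data_restrictions` is a standard Postfix
`check_policy_service` setting and makes Postfix consult the daemon once per
message rather than once per recipient.

```python
"""Minimal Postfix SMTPD policy daemon that rate-limits authenticated senders.

Example hook-up in main.cf (end-of-data fires once per message, so each policy
request counts as one outbound message):

    smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031

Request format (from Postfix): 'name=value' lines terminated by a blank line.
Response format (to Postfix):  'action=...' followed by a blank line.
"""
import socketserver
import threading
import time
from collections import defaultdict, deque

MAX_MESSAGES = 30       # assumed limit: 30 messages per window per SASL user
WINDOW_SECONDS = 3600   # assumed window: one hour
LISTEN = ("127.0.0.1", 10031)  # assumed port; must match main.cf


def parse_policy_request(raw: str) -> dict:
    """Parse one Postfix policy request into a dict of attributes."""
    attrs = {}
    for line in raw.splitlines():
        if not line.strip():        # blank line ends the request
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name.strip()] = value.strip()
    return attrs


class OutboundRateLimiter:
    """Sliding-window counter keyed on sasl_username."""

    def __init__(self, max_messages=MAX_MESSAGES, window_seconds=WINDOW_SECONDS):
        self.max_messages = max_messages
        self.window = window_seconds
        self._seen = defaultdict(deque)  # user -> timestamps of accepted messages
        self._lock = threading.Lock()    # server below is multi-threaded

    def decide(self, attrs: dict, now=None) -> str:
        """Return the Postfix action for this request."""
        now = time.time() if now is None else now
        user = attrs.get("sasl_username", "")
        if not user:
            # Unauthenticated (inbound) mail is not subject to this limit;
            # DUNNO lets the remaining restrictions decide.
            return "DUNNO"
        with self._lock:
            q = self._seen[user]
            # Drop timestamps that have aged out of the window.
            while q and q[0] <= now - self.window:
                q.popleft()
            if len(q) >= self.max_messages:
                # Deferred messages are not sent, so they are not counted.
                return ("DEFER_IF_PERMIT 4.7.1 Outbound rate limit exceeded "
                        "for this account, try again later")
            q.append(now)
        return "DUNNO"


limiter = OutboundRateLimiter()


class PolicyHandler(socketserver.StreamRequestHandler):
    """Serve many requests over one connection, as Postfix expects."""

    def handle(self):
        while True:
            lines = []
            while True:
                line = self.rfile.readline()
                if not line:            # client closed the connection
                    return
                line = line.decode("utf-8", "replace").rstrip("\r\n")
                if line == "":
                    break
                lines.append(line)
            if not lines:
                continue
            attrs = parse_policy_request("\n".join(lines) + "\n")
            action = limiter.decide(attrs)
            self.wfile.write(f"action={action}\n\n".encode())
            self.wfile.flush()


class PolicyServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True


if __name__ == "__main__":
    # Constructed sample request, as Postfix would send it for an authenticated submission:
    # "request=smtpd_access_policy\nprotocol_state=END-OF-MESSAGE\nsasl_username=alice\n\n"
    with PolicyServer(LISTEN, PolicyHandler) as srv:
        srv.serve_forever()
```

Counters live in memory, so they reset when the daemon restarts and are not
shared across several Postfix hosts; policyd keeps its state in a database for
exactly that reason. `DEFER_IF_PERMIT` (4xx) rather than `REJECT` (5xx) is used
so a legitimate burst from a real user is retried by their client instead of
bouncing, while a hijacked account still cannot push more than the window
allows.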