Homer Wilson Smith:
>
> I have an outgoing-only mail server for our customers called
> smtp.lightlink.com. It only allows relaying from local IPs,
> and known virtual domains if remote users wish to use it.
>
> We were fine when we were running pop before smtp authentication, but
> I was forced to also allow SASL authentication.
>
> More and more people are having their passwords compromised. I have no
> idea how it happens; one person had it compromised twice in one day after
> I changed it the first time.
>
> There are no false tries on the user account, until the spam starts
> coming in with the correct password, then it's 64,000 pieces of mail
> forever and ever until I stop it.

Use postfwd (www.postfwd.org) or the like to rate-limit mail clients.

> So one, how are passwords being compromised without brute force
> attacks showing up on the server?

They compromise the mail client host and steal login credentials,
or they phish the user, and make them give their login credentials
to a rogue server.

Wietse
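
As an added example (not from this thread, and not postfwd itself), the Python script below flags SASL accounts whose sending rate in the Postfix smtpd log exceeds a limit, which is the only server-side signal when a stolen password produces no failed logins. The log lines, user names, IP addresses, and the limit and window values are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Postfix smtpd logs one such line per message from an authenticated client.
SASL_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/\S*smtpd\[\d+\]:\s"
    r"\w+:\sclient=\S+?\[(?P<ip>[^\]]+)\].*\bsasl_username=(?P<user>[^\s,]+)"
)

def parse(line, year=2024):
    """Return (timestamp, sasl_user, client_ip), or None for other lines."""
    m = SASL_LINE.match(line)
    if not m:
        return None
    stamp = " ".join(m["ts"].split())  # syslog pads the day: "Mar  3"
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return ts, m["user"], m["ip"]

def over_limit(lines, limit=100, window=timedelta(hours=1)):
    """Map users over `limit` per `window` to (first time exceeded, IPs seen)."""
    recent, ips, flagged = defaultdict(deque), defaultdict(set), {}
    for ts, user, ip in filter(None, map(parse, lines)):
        ips[user].add(ip)
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:      # drop sends older than the window
            q.popleft()
        if len(q) > limit:
            flagged.setdefault(user, ts)
    return {u: (t, ips[u]) for u, t in flagged.items()}

def sample_log():
    """Constructed log: alice sends 3 messages in 40 min, bob 12 in 2 min."""
    fmt = ("{:%b} {:2d} {:%H:%M:%S} mail postfix/smtpd[2211]: {:010X}: "
           "client=unknown[{}], sasl_method=LOGIN, sasl_username={}")
    base, out = datetime(2024, 3, 3, 10, 0, 0), []
    sends = [("alice", "192.0.2.10", timedelta(minutes=20), 3),
             ("bob", "198.51.100.23", timedelta(seconds=10), 12)]
    for user, ip, step, count in sends:
        for i in range(count):
            t = base + i * step
            out.append(fmt.format(t, t.day, t, i, ip, user))
    return out

if __name__ == "__main__":
    hits = over_limit(sample_log(), limit=10, window=timedelta(minutes=5))
    for user, (when, addrs) in hits.items():
        print(f"{user}: limit exceeded at {when} from {sorted(addrs)}")
```

The client IPs returned for a flagged account show whether the mail came from the customer's usual address, which helps separate a compromised client host from credentials used elsewhere.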