On 9/21/2013 7:10 PM, Homer Wilson Smith wrote:
I have an outgoing-only mail server for our customers called
smtp.lightlink.com. It only allows relaying from local IP's,
and known virtual domains if remote users wish to use it.
We were fine when we were running pop before smtp authentication,
but I was forced to also allow SASL authentication.
More and more people are having their passwords compromised, I
have no idea how it happens, one person had it compromised twice in
one day after I changed it the first time.
There are no false tries on the user account, until the spam
starts coming in with the correct password, then its 64,000 pieces of
mail forever and ever until I stop it.
So one, how are passwords being compromised with out brute force
attacks showing up on the server?
I have had a few clients over the last few months that apparently had a
key tracker virus on their systems. Same problem. Password stolen. Reset
password... password stolen again in just a few hours. Customers removed
viruses from computer. Problem stopped.
--
John Hinton
877-777-1407 ext 502
http://www.ew3d.com
Comprehensive Online Solutions
