On 12.04.2014 19:44, o...@field.hu wrote:
> I totally agree with you guys, SASL auth is already implemented, BUT...
> there are a couple thousand mailboxes and part of them have weak
> passwords, as it turned out. Spam bots find out the password and spam
> the world from my server. It never happened with pop-before-smtp (imap
> is also working with pop before smtp just to know :). I installed
> fail2ban, but spam bots come from different IPs every time. SASL was
> implemented a week ago, 3 spam floods happened since then... any idea
> how to avoid it?
>
> On 2014-04-12 19:19, Robert Schetterer wrote:
>> On 12.04.2014 18:34, Bánhalmi Csaba wrote:
>>> Hi All,
>>>
>>> I am using pop-before-smtp with postfix 2.9 to authenticate my users
>>> for years. Now I updated postfix to 2.11 (then I tried with 2.10) and
>>> pop-before-smtp is not working. Also tried with different
>>> pop-before-smtp script, but it seems postfix doesn't take into account
>>> the fact that there is a "check_client_access
>>> hash:/usr/local/etc/postfix/pop-before-smtp" line in
>>> "smtpd_recipient_restrictions =" section. When I downgrade to 2.9 it
>>> works again flawlessly. Can you guys help me?
>>>
>>> Thank you and best regards,
>>> Csaba
>>
>> No way, simply don't do it !!!

please solve the problem with weak passwords for the sake of security
if you care about your users, and most likely the same passwords are
used for IMAP/POP3

now after "Heartbleed" it is a perfect moment to educate *any* user to
change its password and give them a tool to do so, generate secure
passwords and, if they choose one manually, make sure with cracklib
that it is secure / state of the art

yes, it's hard work, yes - I have not much fun after doing that the
last recent days, but it has to be done without workarounds
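
Because the spam runs described in this thread arrive from a different IP each time, a per-account view of the mail log does more than per-IP banning to show which mailboxes need a password reset. The following is an added example, not part of the original messages: it assumes the usual Postfix smtpd log line carrying `client=`, `sasl_method=` and `sasl_username=`, and the sample lines, function names and the `max_ips` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the usual Postfix smtpd log format (not from the thread).
SAMPLE_LOG = """\
Apr 12 19:01:02 mx postfix/smtpd[2101]: 3F1A2C0E1: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=alice@example.org
Apr 12 19:01:40 mx postfix/smtpd[2102]: 3F1A2C0E2: client=unknown[198.51.100.17], sasl_method=LOGIN, sasl_username=alice@example.org
Apr 12 19:02:11 mx postfix/smtpd[2103]: 3F1A2C0E3: client=unknown[192.0.2.44], sasl_method=PLAIN, sasl_username=alice@example.org
Apr 12 19:02:15 mx postfix/smtpd[2104]: connect from unknown[192.0.2.200]
Apr 12 19:03:09 mx postfix/smtpd[2105]: 3F1A2C0E4: client=unknown[2001:db8::9], sasl_method=LOGIN, sasl_username=Alice@example.org
Apr 12 19:05:30 mx postfix/smtpd[2106]: 3F1A2C0E5: client=dsl.example.net[192.0.2.80], sasl_method=PLAIN, sasl_username=bob@example.org
Apr 12 19:40:12 mx postfix/smtpd[2107]: 3F1A2C0E6: client=dsl.example.net[192.0.2.80], sasl_method=PLAIN, sasl_username=bob@example.org
"""

# One such line is logged per message accepted from an authenticated client.
SASL_RE = re.compile(
    r"postfix/\S*smtpd\[\d+\]: (?P<qid>[0-9A-Za-z]+): "
    r"client=(?P<host>\S+?)\[(?P<ip>[0-9A-Fa-f.:]+)\], "
    r"sasl_method=(?P<method>\S+?), sasl_username=(?P<user>[^,\s]+)"
)

def sasl_usage(lines):
    """Return {sasl_username: {"ips": set of client IPs, "messages": count}}."""
    stats = defaultdict(lambda: {"ips": set(), "messages": 0})
    for line in lines:
        m = SASL_RE.search(line)
        if m is None:
            continue  # connect/disconnect and unauthenticated lines
        entry = stats[m.group("user").lower()]  # treat login names case-insensitively
        entry["ips"].add(m.group("ip"))
        entry["messages"] += 1
    return dict(stats)

def suspicious_accounts(lines, max_ips=3):
    """Accounts whose authenticated mail came from more than max_ips addresses.

    max_ips is an assumed threshold; tune it to what roaming users normally show.
    """
    return sorted(
        (user, len(e["ips"]), e["messages"])
        for user, e in sasl_usage(lines).items()
        if len(e["ips"]) > max_ips
    )

if __name__ == "__main__":
    for user, ips, msgs in suspicious_accounts(SAMPLE_LOG.splitlines()):
        print(f"{user}: {msgs} messages from {ips} distinct IPs -> reset password")
```
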