has the payload.
That is, the hack itself originates from an ISP, but they wget from Buyvm.
Original Message
From: walter.post...@wjd.nu
Sent: February 21, 2019 1:31 PM
To: postfix-users@postfix.org
Subject: Re: How to protect against compromised email account password
On 21-02-19 16:33
On 21-02-19 16:33, Dominic Raferd wrote:
> On Thu, 21 Feb 2019 at 15:23, John Stoffel wrote:
>> Unfortunately, some big ISPs have now blocked all Digital Ocean IP
>> Blocks, and won't accept email, even though my domain is locked down,
>> doesn't spam, etc. They took the big hammer approach. Wh
On 21/02/2019 at 16:33, Dominic Raferd wrote:
On Thu, 21 Feb 2019 at 15:23, John Stoffel wrote:
...
Unfortunately, some big ISPs have now blocked all Digital Ocean IP
Blocks, and won't accept email, even though my domain is locked down,
doesn't spam, etc. They took the big hammer approac
On Thu, 21 Feb 2019 at 15:23, John Stoffel wrote:
...
> Unfortunately, some big ISPs have now blocked all Digital Ocean IP
> Blocks, and won't accept email, even though my domain is locked down,
> doesn't spam, etc. They took the big hammer approach. Which sucks
> for me.
>
> So the question bec
l fail SPF. I
Gary> have to white users of their service.
I'm looking at Vultr VPS now as a test.
Gary> Original Message
Gary> From: j...@stoffel.org
Gary> Sent: February 21, 2019 6:08 AM
Gary> To: li...@lazygranch.com
Gary> Cc: postfix-users@postfix.org
Gary> Subject:
ix.org
Subject: Re: How to protect against compromised email account password
>>>>> "Gary" == Gary writes:
Gary> Number 4 is immensely useful. When I had a hosted service, I got hacked
from someone in Morocco via a Round Cube exploit that wasn't patched. (My
P
> "Gary" == Gary writes:
Gary> Number 4 is immensely useful. When I had a hosted service, I got hacked
from someone in Morocco via a Round Cube exploit that wasn't patched. (My
PayPal account subsequently hacked, though I had the account suspended.)
Gary> I saw two problems. One, I only u
On 19/02/2019 23:39, Bill Cole wrote:
Nothing is absolutely perfect but there are useful approaches, some
external to Postfix proper:
1. Rate limiting. Postfix has some of this (smtpd_client_*_limit
parameters) but you may be able to get more effective and subtle
limits via external tool
On 19.02.2019 at 12:23, Christos Chatzaras wrote:
We wrote a shell script that runs hourly and notifies us for SASL
authentications with IPs for at least 2 different countries in the
previous hour. In the future we plan to automatically change the
password if SASL authentications are from 3 dif
> On 21 Feb 2019, at 01:53, Benny Pedersen wrote:
>
> Matus UHLAR - fantomas wrote on 2019-02-20 10:59:
>>> Christos Chatzaras wrote on 2019-02-19 12:23:
Also we use Postfix relays with Rspamd checking the From header (we
don't allow users to spoof From address) and doing rate limi
Matus UHLAR - fantomas wrote on 2019-02-20 10:59:
Christos Chatzaras wrote on 2019-02-19 12:23:
Also we use Postfix relays with Rspamd checking the From header (we
don't allow users to spoof From address) and doing rate limits (500
e-mails / hour). If someone tries to send more e-mails then t
Christos Chatzaras wrote on 2019-02-19 12:23:
Also we use Postfix relays with Rspamd checking the From header (we
don't allow users to spoof From address) and doing rate limits (500
e-mails / hour). If someone tries to send more e-mails then the extra
e-mails go to queue for later delivery. So
On 20.02.2019 at 03:39, Bill Cole wrote:
On 19 Feb 2019, at 5:56, Admin Beckspaced wrote:
Dear Postfix Users,
just recently the computer of a client got infected with malware and
the email password was compromised.
The bad guys immediately started sending out spam emails via our mail
serv
server and you can do whatever you want until you get caught.
Original Message
From: postfixlists-070...@billmail.scconsult.com
Sent: February 19, 2019 6:39 PM
To: postfix-users@postfix.org
Reply-to: postfix-users@postfix.org
Subject: Re: How to protect against compromised email account
On 19 Feb 2019, at 5:56, Admin Beckspaced wrote:
Dear Postfix Users,
just recently the computer of a client got infected with malware and
the email password was compromised.
The bad guys immediately started sending out spam emails via our mail
servers.
We got notified by our monitoring syst
> On 19 Feb 2019, at 16:20, Admin Beckspaced wrote:
>
> Thanks Christos,
>
> so I might want to look into rate limits.
> Have not looked into rspamd as I'm running postfix with amavis-new and
> spamassassin
> Is rspamd compatible with amavis-new?
>
> Thanks & greetings
> Becki
For virus sca
Thanks Christos,
so I might want to look into rate limits.
Have not looked into rspamd as I'm running postfix with amavis-new and
spamassassin
Is rspamd compatible with amavis-new?
Thanks & greetings
Becki
On 19.02.2019 at 12:23, Christos Chatzaras wrote:
We wrote a shell script that runs h
Hi Daniel,
thanks a lot for your insights ;)
Still collecting thoughts and strategies how other admins solve the
issue of a hacked email account.
Anyone?
Thanks & greetings
Becki
On 19.02.2019 at 12:09, Daniel Armengod wrote:
Hi Becki,
At our site we have a log monitoring script (ad-hoc) w
We wrote a shell script that runs hourly and notifies us for SASL
authentications with IPs for at least 2 different countries in the previous
hour. In the future we plan to automatically change the password if SASL
authentications are from 3 different countries. This catches most of the hacked
Hi Becki,
At our site we have a log monitoring script (ad-hoc) which warns us
about "mass" authenticated smtp sessions, and also automatically
triggers a user disable on certain criteria, in this case:
- That sent emails exceed a threshold on a given time interval,
- *That there are numerous orig
Dear Postfix Users,
just recently the computer of a client got infected with malware and the
email password was compromised.
The bad guys immediately started sending out spam emails via our mail
servers.
We got notified by our monitoring system a bit later ... and fixed things
But lots and l