Re: non-existent users submitting email qmgr as localhost

2015-12-18 Thread Noel Jones
On 12/18/2015 12:18 PM, Ben Greenfield wrote:
>
>> On Dec 18, 2015, at 12:35 PM, Noel Jones wrote:
>> - consider using
>> http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch
>> to reject messages where the MAIL FROM address doesn't match the
>> SASL username. This won't prevent t

Re: non-existent users submitting email qmgr as localhost

2015-12-18 Thread Ben Greenfield
> On Dec 18, 2015, at 12:35 PM, Noel Jones wrote:
>
> On 12/17/2015 4:16 PM, Ben Greenfield wrote:
>> I reset rgarrity’s password and things have been quiet.
>>
>> In my effort to understand what was happening let me describe what I think
>> happened.
>>
>> Someone got ahold of rgarrity’s pa

Re: non-existent users submitting email qmgr as localhost

2015-12-18 Thread Noel Jones
On 12/17/2015 4:16 PM, Ben Greenfield wrote:
> I reset rgarrity’s password and things have been quiet.
>
> In my effort to understand what was happening let me describe what I think
> happened.
>
> Someone got ahold of rgarrity’s password.

Yes. (or rgarrity went rogue)

> With that password t

Re: non-existent users submitting email qmgr as localhost

2015-12-17 Thread Ben Greenfield
I reset rgarrity’s password and things have been quiet. In my effort to understand what was happening let me describe what I think happened. Someone got ahold of rgarrity’s password. With that password they were able to craft emails with forged headers that appeared to spawn new messages to di

Re: non-existent users submitting email qmgr as localhost

2015-12-17 Thread Noel Jones
On 12/17/2015 4:03 PM, Ben Greenfield wrote:
> Thank you for the tips.
>
> I just found this which looked wrong to me.
>
> I got this 433039B83D9A message id from the bad message sent by
> bjbear...@cogs.com. Then I traced it
> back and see the message id come from an

Re: non-existent users submitting email qmgr as localhost

2015-12-17 Thread Ben Greenfield
Thank you for the tips. I just found this which looked wrong to me. I got this 433039B83D9A message id from the bad message sent by bjbear...@cogs.com. Then I traced it back and see the message id come from an actual user, rgarrity. Am I reading that correctly is t