On Mar 3, 2009, at 3:32, "Benny Pedersen" wrote:
On Mon, March 2, 2009 17:27, Joseph Brennan wrote:
LuKreme wrote:
unless you are suggesting that they are MANUALLY logging into the
webmail to then send 1 billion spams, yes it will.
bots can do anything when login and password is known to th
We're seeing some of this too. The Nigerian phishes for a few accounts
here and there probably acquired from a spammer email list, and uses one
webmail system to email users on their other webmail system. They send
something official looking asking for passwords, banking numbers, birth
dates, e
On Mon, March 2, 2009 17:27, Joseph Brennan wrote:
> LuKreme wrote:
>> unless you are suggesting that they are MANUALLY logging into the
>> webmail to then send 1 billion spams, yes it will.
bots can do anything when login and password is known to them
> That is an interesting point. OK. I do
LuKreme wrote:
unless you are suggesting that they are MANUALLY logging into the
webmail to then send 1 billion spams, yes it will.
That is an interesting point. OK. I don't know whether they do a
manual login to get a session open before they run the software they
use to dump spam.
Jose
Using Ratelimit in Exim MTA and plugin "Restrict Senders" in
Squirrelmail slows them down. Spammers need to send out large number
of messages to get any payback. Limiting the number they can send
with a compromised account really makes that account of no value to
them.
Matt
On Sun, Mar 1, 2009
giga328 writes:
> I looked at Received headers and unfortunately, Received headers added by
> our webmail are not standard ones. Except for the proxy.IP in the following
> example, all IPs and all FQDNs are from our servers. Here is the (ugly)
> example:
>
> Received: from our.domain ([our.webma
Am 2009-03-01 13:04:49, schrieb LuKreme:
> unless you are suggesting that they are MANUALLY logging into the
> webmail to then send 1 billion spams, yes it will.
Break them out, by allowing to send only 10 messages per hour from the
Webinterface... This is what I do here and it works quiet we
Am 2009-03-01 15:31:45, schrieb giga328:
>
> Nice idea. We were considering this for a long time because our mail server
> has built in support for email throttling. Luckily for me, configuring it
> will be done by my colleague as it is his part of the job. Tomorrow morning
> I will happily inform
Nice idea. We were considering this for a long time because our mail server
has built in support for email throttling. Luckily for me, configuring it
will be done by my colleague as it is his part of the job. Tomorrow morning
I will happily inform him that throttling is needed and suggested by som
Thank you Joseph,
I'm glad that it is social engineering and not some virus problem. I will
arrange that all users are informed that they will never be asked for their
passwords by email and we will see if in some time number of issues will
fall down.
Giga
Joseph Brennan wrote:
>
>
> If it's
Hi Greg,
I looked at Received headers and unfortunately, Received headers added by
our webmail are not standard ones. Except for the proxy.IP in the following
example, all IPs and all FQDNs are from our servers. Here is the (ugly)
example:
Received: from our.domain ([our.webmail.private.IP])
by
On 1-Mar-2009, at 12:50, Joseph Brennan wrote:
If your users are consistently getting their passwords stolen,
then your
users are idiots and you will need to do something like add a
captcha to
the webmail login page.
If it's the Nigerian gangs that have been attacking university web
mai
If your users are consistently getting their passwords stolen, then your
users are idiots and you will need to do something like add a captcha to
the webmail login page.
If it's the Nigerian gangs that have been attacking university web mail
for about 12 months now, they are phishing your
On 1-Mar-2009, at 06:47, giga328 wrote:
Spammers are stilling passwords from some of our users by using
viruses
(passwords are stolen, not guessed or brute force cracked).
Spammers have application which is able to authenticate to our webmail
interface and post email :)
If your users are con
giga328 writes:
> After posting email by webmail interface, message is routed to our outgoing
> SMTP server. It is scanned by spamd from SpamAssassin but it get low score.
> Low score is from tests ALL_TRUSTED and/or BAYES_xx and/or AWL.
> I'm not sure if we can remove webmail IP address from tr
Hi!
We have some strong spam attacks done by combination of our webmail, viruses
and open proxies.
Situation is like this:
Our outgoing SMTP server is open only for users from our IP addresses and is
filtered for rest of the world. Our webmail interface is open to whole world
as our users need
On Sun, March 1, 2009 14:47, giga328 wrote:
> We have some strong spam attacks done by combination of our webmail,
> viruses and open proxies.
do you just trust email senders if thay are loged in to not spam
check it before leaving your network ?
(rest skipped]
--
http://localhost/ 100% uptime
17 matches
Mail list logo
