Charles Gregory wrote:
On Sun, 9 Aug 2009, Res wrote:
To be truthful, I have been doing this by default here, as well, but
find that it creates some problems for some users. So I am thinking
about opening up SMTP-AUTH ports. Trouble is (and its semi-relevance to
this list) I have to wonder if I am opening myself up to a significant
risk of having one of my users' passwords hijacked and used to send spam?
Will I be just opening up opportunities for spammers to use my server
with stolen passwords, or is this a relatively rare occurrence?
I can't speak for others but at my main job (20K+ email accounts) it
happens about once every 2 months or so. Somehow the spammer gets a
hold of someone's password and either uses smtp-auth or webmail to send
out spam.
However, I know of two other companies that I do consulting for where
it happens almost weekly (one of them, 4 different users in the past 2
weeks). Both of these companies have their web presence and email
hosted on the same machine, so it would not surprise me if the passwords
had been somehow compromised.
Just my $0.02.
Rick