Re: [courier-users] Turning accounts into honeypots

2014-11-07 Thread Alessandro Vesely
On Mon 03/Nov/2014 19:48:55 +0100 I wrote:

> For example, as I use MySQL, I could add a badpw field in the user table, and
> craft a select statement that returns the honeypot's username when the input
> local_part matches the compromised password instead of the good one.

I cannot, of course.  I don't have the password (just the user-id) and there's
no way I could have it if the client used cram-*.  So, it seems I should add a
module rather than a column.  Correct?

Is it possible to add authmysql twice (and have them behave differently)?

Ale

> That way I can also get rid of the verbose output of DEBUG_LOGIN=2, so long
> as 535s stay limited to the usual, innocuous attempts.
>
> A filter would shoot on sight at honeypot's authenticated posts, and direct
> them to some script that either recognizes the spam template or keeps the
> message quarantined.  The idea is to report the compromised web site appearing
> in the message body, so as to cause some friction.  (The bot's IP could also
> be reported --more easily-- but I'm not sure an ISP would bother acting on it.)

--
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


Re: [courier-users] Turning accounts into honeypots

2014-11-07 Thread Sam Varshavchik

Alessandro Vesely writes:

> On Mon 03/Nov/2014 19:48:55 +0100 I wrote:
>
>> For example, as I use MySQL, I could add a badpw field in the user table, and
>> craft a select statement that returns the honeypot's username when the input
>> local_part matches the compromised password instead of the good one.
>
> I cannot, of course.  I don't have the password (just the user-id) and there's
> no way I could have it if the client used cram-*.  So, it seems I should add a
> module rather than a column.  Correct?
>
> Is it possible to add authmysql twice (and have them behave differently)?

Nope. You could list authmysql twice, but each instance uses the same config
file.






Re: [courier-users] Turning accounts into honeypots

2014-11-07 Thread Mark Constable
On 07/11/14 21:52, Sam Varshavchik wrote:
>> Is it possible to add authmysql twice (and have them behave differently)?
>
> Nope. You could list authmysql twice, but each instance uses the same config
> file.

Maybe falling over to different auth backends might work but, Sam, it would
be really neat to somehow have sane multiple auth options. For instance I
would love to have separate imap/pop and smtp auth passwords so if a user's
incoming mail password is compromised the virus/bot still can't send out
using the same account (assuming the user takes advantage of multi passwords).





Re: [courier-users] Turning accounts into honeypots

2014-11-07 Thread Sam Varshavchik

Mark Constable writes:

> On 07/11/14 21:52, Sam Varshavchik wrote:
>>> Is it possible to add authmysql twice (and have them behave differently)?
>>
>> Nope. You could list authmysql twice, but each instance uses the same config
>> file.
>
> Maybe falling over to different auth backends might work but, Sam, it would
> be really neat to somehow have sane multiple auth options. For instance I
> would love to have separate imap/pop and smtp auth passwords so if a user's
> incoming mail password is compromised the virus/bot still can't send out
> using the same account (assuming the user takes advantage of multi passwords).


That's already doable with authmysql, authpgsql, or authsqlite. They can  
execute a custom SQL query. The $(service) variable expands to the service  
being authenticated. You could customize the query to have something like  
WHERE username='$(local_part)' AND service='$(service)', and have multiple  
entries in the table for each service being authenticated, each one with a  
different password.
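
The per-service lookup described in the reply above, as an added example that is not part of the original thread and is not Courier's own code. It assumes SQLite driven from Python, a hypothetical `service_passwd` table, bound parameters standing in for `$(local_part)` and `$(service)`, PBKDF2 as a stand-in for the stored hash format, and assumed service names `imap` and `esmtp`.

```python
import hashlib
import hmac
import os
import sqlite3

# Hypothetical table: one row per (username, service), each with its own hash.
SCHEMA = """
CREATE TABLE service_passwd (
    username TEXT NOT NULL,
    service  TEXT NOT NULL,   -- assumed service names: 'imap', 'pop3', 'esmtp'
    salt     BLOB NOT NULL,
    pwhash   BLOB NOT NULL,
    PRIMARY KEY (username, service)
)"""

# Same WHERE shape as in the reply; the bound parameters stand in for
# Courier's $(local_part) and $(service) substitution.
LOOKUP = """SELECT salt, pwhash FROM service_passwd
            WHERE username = :local_part AND service = :service"""


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 is a stand-in, not the crypt format authlib stores.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def set_password(db, username, service, password):
    salt = os.urandom(16)
    db.execute("INSERT OR REPLACE INTO service_passwd VALUES (?, ?, ?, ?)",
               (username, service, salt, _hash(password, salt)))


def authenticate(db, local_part, service, password):
    row = db.execute(LOOKUP, {"local_part": local_part,
                              "service": service}).fetchone()
    if row is None:          # no credential defined for this service
        return False
    salt, pwhash = row
    return hmac.compare_digest(_hash(password, salt), pwhash)


def demo_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    # Constructed sample data: separate inbound and outbound passwords.
    set_password(db, "alice", "imap", "inbound-secret")
    set_password(db, "alice", "esmtp", "outbound-secret")
    return db
```

With this layout a service that has no row for the user simply fails authentication, so a leaked inbound password cannot be replayed against the sending service.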







[courier-users] avfilter-3.2

2014-11-07 Thread Alessandro Vesely
Some bug fixes/added option here:
http://www.tana.it/sw/avfilter/

It works with ClamAV 0.98.4

Ale
