I am using PLAIN text passwords I'm afraid. I will be changing that now though. I very tired of these password hacks.
Since this will be a new process for me I have questions: In changing the server to require encrypted passwords, will I need to contact all my clients and have them change the way they connect? Or will their email clients just automate the change? >________________________________ > From: "c...@milos.co.za" <c...@milos.co.za> >To: vchkpw@inter7.com >Sent: Wednesday, March 5, 2014 6:45 AM >Subject: [vchkpw] [SPAM] Re: [vchkpw] [SPAM] Re: [vchkpw] [SPAM] Re: [vchkpw] >Qmail maillog vchkpw-submission vs vchkpw-smtp > > > >It doesn't matter how good your password is if you're using plaintext >connections :) >Since every MUA I've used i nthe last few years supports SSL or TLS I should >really get around to deprecating pop3 and imap and only using pop3s and imaps. >This is especially imporant since some govts are trying to push through laws >forcing ISP's to store all of the data each of their users downloads meaning >that your unencrypted data will remain stored for however long is legislated >with access by who knows how many people. > >\\Clay > >On 2014-03-05 07:57, Tom Collins wrote: >The submission entries outside the US could very well be from hacked accounts. >> >>I'm finding a surprising number of compromised accounts (once a week?), >>including users with good passwords, so I have to assume they're snooped on >>public wireless, or their computers are compromised by malware of some sort. >> >>The vckpw-smtp entries from outside the US are probably also hacked accounts, >>since mail received from remote servers doesn't include authentication. >>Sorry I wasn't thinking clearly in my previous response -- I forgot these >>were vchkpw entries and are only related to authentication. I was thinking >>about qmail logs. >> >> >>-Tom >> >>On Mar 4, 2014, at 10:43 PM, LHTek wrote: >> >>Thanks for the reply. >>> >>>NOTE: None of my users will have sent anything from outside the US. >>> >>>I've got some log entries for vchkpw-submission (marked as successful in the >>>log) with non-US IP's (Russia, Egypt, Honk Kong, etc).In my analysis I'm >>>marking those entries as hacked accounts. >>> >>> >>>From what I read from your response, vchkpw-smtp (marked as successful in >>>the log) entries could be mail sent TO my server FROM another server on port >>>25. That tells me those are probably safe submissions - even if they are >>>from overseas IPs. Am I thinking correctly? >>> >>> >>> >>> >>> >>> >>>>________________________________ >>>>From: Tom Collins <t...@tomlogic.com> >>>>To: vchkpw@inter7.com >>>>Sent: Wednesday, March 5, 2014 12:02 AM >>>>Subject: Re: [vchkpw] Qmail maillog vchkpw-submission vs vchkpw-smtp >>>> >>>> >>>> >>>>vchkpw-submission is on port 587, and is typically used for emai clients >>>>relaying mail. It's often set up to require authentication. >>>> >>>>vchkpw-smtp is on port 25, and can be used for email clients to relay mail, >>>>or by other servers delivering mail to your server. >>>> >>>> >>>> >>>>-Tom >>>> >>>>On Mar 4, 2014, at 9:41 PM, LHTek wrote: >>>> >>>>In the /var/log/maillog file what is the difference between these 2 entries >>>>(vchkpw-submission, vchkpw-smtp)? >>>>> >>>>>example: >>>>>Mar 4 17:27:03 michael vpopmail[14701]: vchkpw-submission: (PLAIN) login >>>>>success t...@domain.com:64.185.3.238 >>>>>Mar 4 10:54:42 michael vpopmail[29027]: vchkpw-smtp: (PLAIN) login >>>>>success t...@domain.com:64.57.239.114 >>>>> >>>>> >>>> >>>> > > > > !DSPAM:531743f234265098613353!
