Hi Phil,

Phil Cook wrote:
> I'd like to relate to you all a little story of my experience with SORBS. A
> little while back we had a spammer find a user account with a weak password
> and use it to auth and send spam using it.

This is a major problem. It seems to be the "flavour of the month" for spammers to exploit MTAs. It's happened to me, on two separate MTAs (running different mail software) in the last couple of months.

The problem is, it's not all that easy to:

a) Identify exactly which account was compromised
b) Get thousands of mail users to change their passwords to something more secure...

A lesser, but still real, problem is that it's actually very hard to have a truly secure password - that the user is able to remember.

For example, some years ago, an MTA crashed, badly. I used one of the cracking tools, and fed it with all the usernames and known passwords. In 10 minutes, it had successfully cracked 87% of the passwords! After 24 hours of running, we had cracked all but a dozen passwords. We called those customers and asked them their passwords, and were up and running again.

BTW: Even more fun - hMailServer for one appears to be unable to process passwords that contain punctuation characters, if those passwords are applied using a script - e.g. from a web form. So much for secure passwords!

Any suggestions about dealing with (a) and (b) above?

William

_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user