On Wed 14/Nov/2012 06:57:14 +0100 Andy Gajetzki wrote: > > We have a small mail server for our organization handling both > incoming and outgoing mail smtp auth. One of the users had a weak > password, and a brute forcer got a hold of it. They sent about 1.1 > million messages before I noticed. We generally trust our users not to > send that many messages, so the throttling issue has never come up. Is > there a mechanism in courier that would prevent this from happening > again? How do you guys with big mail servers prevent this from > happening?
The solution that comes to mind is to have a filter tracking how many messages per hour, say, each user has already sent. I don't have such software up, yet; but thanks for the heads-up. My server is smaller than yours. I block IPs after failed login, and until now I've hoped that to be enough. Might I ask you what amounts of time and attempts did the attacker need to break in? -- ------------------------------------------------------------------------------ Monitor your physical, virtual and cloud infrastructure from a single web console. Get in-depth insight into apps, servers, databases, vmware, SAP, cloud infrastructure, etc. Download 30-day Free Trial. Pricing starts from $795 for 25 servers or applications! http://p.sf.net/sfu/zoho_dev2dev_nov _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users