On Wed 14/Nov/2012 06:57:14 +0100 Andy Gajetzki wrote:
> 
> We have a small mail server for our organization handling both
> incoming and outgoing mail smtp auth. One of the users had a weak
> password, and a brute forcer got a hold of it. They sent about 1.1
> million messages before I noticed. We generally trust our users not to
> send that many messages, so the throttling issue has never come up. Is
> there a mechanism in courier that would prevent this from happening
> again? How do you guys with big mail servers prevent this from
> happening?

The solution that comes to mind is to have a filter tracking how many
messages per hour, say, each user has already sent.  I don't have such
software up, yet; but thanks for the heads-up.

My server is smaller than yours.  I block IPs after failed login, and
until now I've hoped that to be enough.  Might I ask you what amounts
of time and attempts did the attacker need to break in?

-- 





























------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to