On Fri, 2013-08-23 at 16:00 -0500, Lindsay Haisley wrote:
> > Do you mean you wouldn't have conceded the relay auth flag to that user
> > of yours?  Based on what, if you don't mind my asking?  You may be able
> > to estimate who is more likely to catch a key-logger, but there's no way
> > to tell for sure...
> 
> As a rule, I don't provide SMTP services to any FMP customers by
> default.  Since FMP is an IPP, not an ISP, I encourage users to use the
> SMTP services provided by their ISPs.

It's interesting to note that the user whose auth tokens were
compromised to use my mail server to send spam _was_ using her ISP's
SMTP server for sending email, as I generally advise.  Because of the
programming hiccup, it happened that her POP3/IMAP credentials could
also be used to access authenticated SMTP on the server, so the hack
used to send spam was out-of-band and an exploit of a vulnerability on
_my_ end as well as a virus on her end.

-- 
Lindsay Haisley       | "UNIX is user-friendly, it just
FMP Computer Services |       chooses its friends."
512-259-1190          |          -- Andreas Bogk
http://www.fmp.com    |


------------------------------------------------------------------------------
Introducing Performance Central, a new site from SourceForge and 
AppDynamics. Performance Central is your source for news, insights, 
analysis and resources for efficient Application Performance Management. 
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to