On Mon 03/Nov/2014 19:48:55 +0100 I wrote: > > For example, as I use MySQL, I could add a "badpw" field in the user table, > and > craft a select statement that returns the honeypot's username when the input > local_part matches the compromised password instead of the good one.
I cannot, of course. I don't have the password (just the user-id) and there's no way I could have it if the client used cram-*. So, it seems I should add a module rather than a column. Correct? Is it possible to add authmysql twice (and have them behave differently)? Ale > That way I can also get rid of the verbose output of DEBUG_LOGIN=2, so long > as 535s stay limited to the usual, innocuous attempts. > > A filter would shoot on sight at honeypot's authenticated posts, and direct > them to some script that either recognizes the spam template or keeps the > message quarantined. The idea is to report the compromised web site appearing > in the message body, so as to cause some friction. (The bot's IP could also > be > reported --more easily-- but I'm not sure an ISP would bother acting on it.) ------------------------------------------------------------------------------ _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
