A relatively recent development that spammers got wind of is users that
have username==password, with/without the domain.
I am tracking numerous 1-off attempts from bots to gain access to
mailboxes this way.
Situation isn't made any better if you're also using dovecot as SMTP
AUTH provider for I am ashamed to admit I've relayed some spam that way.
Would it be possible to deny login if username==password with a
(non?)polite/custom message to go change your password to something less
obvious?
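
An added example (not part of the original post and not Dovecot code): an offline audit that flags accounts whose password equals the username, with or without the domain. It assumes a Dovecot passwd-file with `{PLAIN}` or `{SSHA256}` entries; the function names and sample entries are constructed for illustration.

```python
import base64, hashlib, hmac

def make_ssha256(password, salt):
    # Helper used only to build the constructed sample: sha256(password + salt) + salt, base64.
    raw = hashlib.sha256(password.encode() + salt).digest() + salt
    return "{SSHA256}" + base64.b64encode(raw).decode()

# Constructed sample in passwd-file layout: user:{SCHEME}password:other fields
SAMPLE = "\n".join([
    "alice@example.com:{PLAIN}alice::::",
    "bob@example.com:" + make_ssha256("bob@example.com", b"s4lt") + "::::",
    "carol@example.com:" + make_ssha256("constructed-unrelated-value", b"pepr") + "::::",
    "dave@example.com:{CRYPT}constructed::::",
])

def candidates(user):
    # The guesses described in the post: the username with and without the domain.
    local = user.partition("@")[0]
    base = {user, local}
    return sorted(base | {c.lower() for c in base})

def matches(stored, guess):
    # Verify one guess against one stored entry; unknown schemes raise ValueError.
    if stored.startswith("{PLAIN}"):
        return hmac.compare_digest(stored[len("{PLAIN}"):].encode(), guess.encode())
    if stored.startswith("{SSHA256}"):
        raw = base64.b64decode(stored[len("{SSHA256}"):])
        digest, salt = raw[:32], raw[32:]
        return hmac.compare_digest(hashlib.sha256(guess.encode() + salt).digest(), digest)
    raise ValueError("unsupported scheme")

def audit(passwd_text):
    # Returns (accounts with username==password, accounts that could not be checked).
    flagged, skipped = [], []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or line.startswith("#"):
            continue
        user, stored = fields[0], fields[1]
        try:
            if any(matches(stored, g) for g in candidates(user)):
                flagged.append(user)
        except ValueError:
            skipped.append(user)
    return flagged, skipped

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Accounts in the second list use a scheme this sketch does not verify, so they need a separate check rather than being treated as clean.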