I think you are trying to put a band aid on a bigger problem.

Are you sure that it is a number of hacked accounts and not a hacked
machine?
Are you sure your mail server has not been turned into a spambot?

If they know the passwords they learned them one of three ways, with a
sniffer, which means something on your network is compromised, directly
from the server, which means the server is compromised or if you keep a
lists of passwords locally that access to the list is compromised.

You need to find the hole and change all passwords, if it is really a
password leak.

Roger


David E. Smith wrote:
> Lately, I've had a rash of attackers from Nigeria, who have acquired (through 
> whatever means) legitimate logins and passwords for my Imail users. They log 
> in, send out a couple thousand emails, and log out. There are no failed 
> logins, so even an over-zealous account lockout policy wouldn't work in this 
> instance. 
>
> They only send to five or ten recipients at a time, so they avoid most of the 
> rate-limiting features. But through the magic of cut-and-paste, they're able 
> to get a few thousand messages an hour sent out.
>
> All the attackers come from IP space listed on ng.blackholes.us, and I'm 
> willing to annoy any legitimate users of mine that might be vacationing in 
> Lagos.
>
> Anyone know of a way to apply DNS blacklists to a Web site in IIS, comparable 
> to mod_dnsbl for Apache?
>
> David Smith
> MVN.net
>
>
> To Unsubscribe: http://imailserver.com/support/discussion_list/
> List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> Knowledge Base/FAQ: http://imailserver.com/support/kb.html
>
>   



To Unsubscribe: http://imailserver.com/support/discussion_list/
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://imailserver.com/support/kb.html

Reply via email to