I think you are trying to put a band aid on a bigger problem. Are you sure that it is a number of hacked accounts and not a hacked machine? Are you sure your mail server has not been turned into a spambot?
If they know the passwords they learned them one of three ways, with a sniffer, which means something on your network is compromised, directly from the server, which means the server is compromised or if you keep a lists of passwords locally that access to the list is compromised. You need to find the hole and change all passwords, if it is really a password leak. Roger David E. Smith wrote: > Lately, I've had a rash of attackers from Nigeria, who have acquired (through > whatever means) legitimate logins and passwords for my Imail users. They log > in, send out a couple thousand emails, and log out. There are no failed > logins, so even an over-zealous account lockout policy wouldn't work in this > instance. > > They only send to five or ten recipients at a time, so they avoid most of the > rate-limiting features. But through the magic of cut-and-paste, they're able > to get a few thousand messages an hour sent out. > > All the attackers come from IP space listed on ng.blackholes.us, and I'm > willing to annoy any legitimate users of mine that might be vacationing in > Lagos. > > Anyone know of a way to apply DNS blacklists to a Web site in IIS, comparable > to mod_dnsbl for Apache? > > David Smith > MVN.net > > > To Unsubscribe: http://imailserver.com/support/discussion_list/ > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://imailserver.com/support/kb.html > > To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html
