Unfortunately our password policy is nasty (12 characters with upper and lowercase and some non--standard stuff... I make the passwords up for them). By setting up a user's password right the first time and lowering the limit on bad log in attempts, dictionary attacks would be thwarted to a fair degree.
I do believe that my network was sniffed though as I found records of multiple port scans in my VPN concentrator and PIX firewall's log files. The only other possibility that stands out is that one of the employees is using our e-mail at home and somehow or another intentionally or inadvertently divulged his password information. For me I would rather set up one hellatious password once than have to deal with dummy sales people in China or Hong Kong calling me up at 4:30am to tell me that they changed their password and forgot it. Since SSL already is supported with web-messaging then why not make the feature compatible with e-mail clients that already have support for it? C. Douglas Mays Jr. Network Engineer In Zone Companies "ALL F*****G SPAMMERS MUST F*****G HANG!!!!!!!!!!" To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
