Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

Tue, 21 Sep 2021 09:55:32 -0700 

Use RATS-AUTH to block auth attacks, from known dedicated IP(s) ;)

Block AUTH from Amazon/Gcloud/Azure by default

Consider transparent 2FA like CLIENTID
Fail2Ban is a stop gap mentioned often on the list.. but be careful, as it might block a large CGNAT range.
Country authentication controls are very effective if used wisely, but the MOST IMPORTANT THING!! 

Stop allowing unencrypted AUTH.. eg port 110, 143, 25.
#didyouknow that by turning off unencrypted AUTH you can reduce compromised accounts by as much as 90%? 


On 2021-09-21 8:08 a.m., Alessio Cecchi via mailop wrote:

Hi,
we are an email hosting provider, and as you know many users use weak passwords, or have trojan on their PC that stolen their password that are used to sent spam or doing some kinds of fraud.
We already have a "script" that checks, from log files, the country of the IP address and "do something" to detect if is an unusual login. But is not really sufficient. 

For "do something" I means:

- too many logins from different country
- too many fast login
So we are always looking for a system/software/service/script to detect login to POP IMAP or SMTP not made by the user. 

I have also test the AWS SageMaker IP Insights service but without success.

Have someone experienced about these problems?
Thanks

--
Alessio Cecchi
Postmaster @http://www.qboxmail.it
https://www.linkedin.com/in/alessice


_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop





--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop

Reply via email to