On 9/21/21 08:08, Alessio Cecchi via mailop wrote:
> Hi,
> we are an email hosting provider, and as you know many users use weak
> passwords, or have a trojan on their PC that stole their passwords, which
> are used to send spam or do some kind of fraud.

Fail2ban for weak passwords.
There are also scripts that can test for weak and common passwords.
Enforce strong passwords. Length trumps complexity.

> We already have a "script" that checks, from log files, the country of
> the IP address and "do something" to detect if it is an unusual login. But
> it is not really sufficient.

Many DNSBLs also track IPs used for authentication attacks as well as
spam sources, so this can be helpful.

> For "do something" I mean:
> - too many logins from different countries
> - too many fast logins

Also consider rate-limiting your users as well as Bayes filters on
outgoing mail for spam signs. User-generated From: and Reply-to: headers
are often but not always a spam sign.

> So we are always looking for a system/software/service/script to detect
> logins to POP, IMAP or SMTP not made by the user.

Think defense in depth. Multiple overlapping spam detection mechanisms
rather than a one-size-fits-all approach. It sounds like you're on the
right track. And don't think that you're finished once you have these
things in place. There will always be new attack vectors.
--
Jay Hennigan - [email protected]
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV
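
The two log checks named in the thread (too many logins from different countries, too many fast logins), sketched as an added example that is not part of the original messages. The log format, the pre-resolved country column (standing in for a GeoIP lookup) and all thresholds are assumptions; lines are assumed to be in chronological order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: "timestamp service user ip country" per successful login.
# The country column stands in for a GeoIP lookup done before this step.
SAMPLE_LOG = """\
2021-09-21T08:00:05 imap alice@example.org 192.0.2.10 IT
2021-09-21T08:20:00 imap alice@example.org 192.0.2.10 IT
2021-09-21T08:31:10 smtp bob@example.org 198.51.100.7 IT
2021-09-21T08:40:00 smtp bob@example.org 203.0.113.5 BR
2021-09-21T08:55:00 smtp bob@example.org 203.0.113.77 VN
2021-09-21T09:00:00 pop3 carol@example.org 192.0.2.44 IT
2021-09-21T09:00:02 pop3 carol@example.org 192.0.2.44 IT
2021-09-21T09:00:04 pop3 carol@example.org 192.0.2.44 IT
2021-09-21T09:00:06 pop3 carol@example.org 192.0.2.44 IT
"""

def detect(log_text, window=timedelta(hours=1), max_countries=2,
           burst_window=timedelta(seconds=10), max_burst=3):
    """Return {user: set of reasons} for accounts with unusual login patterns."""
    recent = defaultdict(deque)  # user -> (time, country) events inside `window`
    alerts = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, _service, user, _ip, country = parts
        when = datetime.fromisoformat(ts)
        events = recent[user]
        events.append((when, country))
        # Drop events that have aged out of the sliding window.
        while events and when - events[0][0] > window:
            events.popleft()
        # Check 1: logins from more distinct countries than allowed in the window.
        if len({c for _, c in events}) > max_countries:
            alerts[user].add("many-countries")
        # Check 2: more logins than allowed inside the short burst window.
        burst = sum(1 for t, _ in events if when - t <= burst_window)
        if burst > max_burst:
            alerts[user].add("fast-logins")
    return dict(alerts)

if __name__ == "__main__":
    for user, reasons in sorted(detect(SAMPLE_LOG).items()):
        print(user, sorted(reasons))
```

The returned reasons can feed whatever action is already in place, such as the outbound rate limiting suggested in the reply.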