Ouch! Sounds like a good challenge. My first though is to make the problem a bit easier is to go back to the IP Restrictions and find a different solution for the traveling customers. So that the at home users use are authenticated by IP + password, and the travelers are authenticated by password + something. Lots of options for the +something of course, installing certificates and using an web based email or ssl vpn.
--Ralph > Hey everyone, > > I work at an ISP and we constantly have issues with SMTP Auth attacks > where > spammer's use correct customer credentials to use our mail servers as > relay > (closed relay? is there such a thing?). So far we have tried the > following: > > * User education (insert delirious laughter) - seriously, this seems to > never work. > * Force strong passwords - this doesn't work for customers answering > phishing emails for their username/password > * IP restrictions - this causes lots of complaints as customers travel and > want to still use SMTP > * Outgoing message limits on authenticated user - it only seems to takes a > handful of annoyed users to be blocked from places like Hotmail/Yahoo so > this doesn't work. > > There are no brute force attempts on our servers as the attackers have > figured out that our customer base is to put it lightly, non-techies who > reply to any email that asks for their password. Also should mention we > are > using Debian servers with Postfix for SMTP. > > The problem basically is that by the time our mailq alarms > > Does anyone have any ideas or wants to mention something that I've missed? > Google-fu pretty much tells me to turn SMTP Auth off but unfortunately > this > isn't an option. > > Cheers, > Ali > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
