On Sat, 18 Jul 2009, ram wrote:
We run smtp services for our clients using smtp-auth. And nowadays we also enforce a strong password (minimum alphanumeric). But still people's passwords get compromised. Even a relatively strong password. To save our postfix servers I have implemented rate-limits, and outgoing spam scanning. [...] How do spammers get these passwords??
I see our users hit with phishing attempts every few months, and the pattern seems to be that once one phishing attempt hits, there's a few more in the same week. Usually shortly thereafter we find at least one account that is being abused either at the smtp or webmail level to spew spam.
Oddly enough, the "quality" of the phish does not seem to change the numbers - the truly ridiculous ones that are written in broken English and have quite farcical return addresses seem to work as well as the more carefully forged ones. Each time we block the reply address(es) and send a warning message stating again that we "will never ask you for your password". Yet each time someone falls for it...
Charles
Thanks Ram
