Hi there. Some days ago one of our Postfix servers was abused by bot
networks using one of our customers' stolen credentials, probably
captured by a virus/keylogger. In a few hours more than 20000 spam
messages were in our queue. Looking at the logs I realized all those
outgoing messages came authenticated with the same stolen user
credentials and from many different geolocations. Just changing the
password solved the problem. This is a very disturbing issue for us,
since it is hard to notice there's something going on until the server
is already puking spam all over. Does anybody know of an automatic way
of preventing this (or at least an automatic way of blocking it in early
stages)? We were thinking of something like a script monitoring the logs
for same-user authenticated connections from different IPs to create a
blacklist of some sort...
Thanks in advance.
Ignacio
Subject: Protection against stolen credentials? (Ignacio García)
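The log-monitoring idea sketched in the post, worked out as an added example (not code from the original message or from the Postfix project): it reads Postfix `smtpd` log lines, keeps a sliding window of client addresses per `sasl_username`, flags any account that authenticates from more distinct IPs than a threshold within that window, and renders the flagged logins as a table suitable for `check_sasl_access` (Postfix 2.11 and later). The log lines are constructed sample data using documentation address ranges; the log format assumed is Postfix's default syslog line (`client=host[ip], sasl_method=..., sasl_username=...`), the syslog year is an assumption (syslog timestamps carry none), and the thresholds are hypothetical starting points to tune per site.

```python
"""Flag SASL accounts that authenticate from too many distinct client IPs
within a sliding time window, using Postfix smtpd log lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Postfix logs one line like this per authenticated session (default log format).
SASL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ postfix/smtpd\[\d+\]: "
    r"\w+: client=[^\[\s]*\[(?P<ip>[0-9a-fA-F.:]+)\].*?sasl_username=(?P<user>\S+)"
)

# Assumption: syslog timestamps have no year, so one is supplied for the sample.
SYSLOG_YEAR = 2024

# Constructed sample log: alice logs in from two addresses (normal); victim is
# seen from one address early in the morning and then from six more within
# minutes (the pattern the post describes). One unrelated line is included.
SAMPLE_LOG = [
    "Mar  3 08:00:00 mx1 postfix/smtpd[2001]: 1A2B3C4D5E: client=unknown[198.51.100.1], sasl_method=PLAIN, sasl_username=victim@example.com",
    "Mar  3 10:00:01 mx1 postfix/smtpd[2002]: 1A2B3C4D5F: client=unknown[203.0.113.10], sasl_method=PLAIN, sasl_username=alice@example.com",
    "Mar  3 10:00:30 mx1 postfix/smtpd[2003]: connect from unknown[203.0.113.44]",
    "Mar  3 10:01:00 mx1 postfix/smtpd[2004]: 1A2B3C4D60: client=unknown[198.51.100.2], sasl_method=PLAIN, sasl_username=victim@example.com",
    "Mar  3 10:02:00 mx1 postfix/smtpd[2005]: 1A2B3C4D61: client=unknown[198.51.100.3], sasl_method=PLAIN, sasl_username=victim@example.com",
    "Mar  3 10:03:00 mx1 postfix/smtpd[2006]: 1A2B3C4D62: client=unknown[198.51.100.4], sasl_method=PLAIN, sasl_username=victim@example.com",
    "Mar  3 10:03:30 mx1 postfix/smtpd[2007]: 1A2B3C4D63: client=unknown[203.0.113.11], sasl_method=PLAIN, sasl_username=alice@example.com",
    "Mar  3 10:04:00 mx1 postfix/smtpd[2008]: 1A2B3C4D64: client=unknown[198.51.100.5], sasl_method=PLAIN, sasl_username=victim@example.com",
    "Mar  3 10:05:00 mx1 postfix/smtpd[2009]: 1A2B3C4D65: client=unknown[198.51.100.6], sasl_method=PLAIN, sasl_username=victim@example.com",
    "Mar  3 10:06:00 mx1 postfix/smtpd[2010]: 1A2B3C4D66: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=victim@example.com",
]


def parse_line(line):
    """Return (timestamp, client_ip, sasl_username) for an authenticated-session
    log line, or None for any other line."""
    m = SASL_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{SYSLOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["ip"], m["user"]


def find_abused_accounts(lines, max_ips=5, window_seconds=3600):
    """Return {sasl_username: sorted list of client IPs} for every account seen
    from more than max_ips distinct addresses inside any window_seconds span.
    Lines are assumed to be in chronological order, as in a log file."""
    recent = defaultdict(deque)  # user -> deque of (timestamp, ip), oldest first
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip, user = parsed
        q = recent[user]
        q.append((ts, ip))
        # Drop entries that have aged out of the sliding window.
        while q and (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        ips = {addr for _, addr in q}
        if len(ips) > max_ips:
            flagged.setdefault(user, set()).update(ips)
    return {user: sorted(ips) for user, ips in flagged.items()}


def access_map(flagged):
    """Render the flagged logins as a lookup table for smtpd's check_sasl_access
    (Postfix 2.11+): each flagged SASL login is rejected until the password is reset."""
    return "\n".join(
        f"{user}\tREJECT account locked pending password reset" for user in sorted(flagged)
    )


if __name__ == "__main__":
    hits = find_abused_accounts(SAMPLE_LOG)
    for user, ips in hits.items():
        print(f"{user}: {len(ips)} distinct client IPs in window: {', '.join(ips)}")
    print(access_map(hits))
```

Run against a live log with `tail -F /var/log/mail.log` piped into `find_abused_accounts`, write the rendered table to a file, and `postmap` it so that `check_sasl_access` in `smtpd_sender_restrictions` (or `smtpd_recipient_restrictions`) rejects the account. The early-morning login from 198.51.100.1 in the sample falls outside the one-hour window by the time the burst happens, so it is not counted; tune `max_ips` and `window_seconds` against your own users' habits (roaming users on mobile networks legitimately change addresses) before acting on the output automatically.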