Homer:

Two steps eliminated this problem for us:

1) Accounts with more than 6 failed login attempts in a 10 minute period are disabled for 10 minutes. This makes brute-force methods to find passwords almost impossible.

2) Limit to 200 outgoing messages per day per user. We'll raise it to any reasonable value for an individual account, i.e., we'll let you send 1000 per day so you can get your church newsletter out, but we won't remove the limit completely and let you spam (knowingly or not). This minimizes the damage if a password is still compromised.

200 is a pretty high limit. Very few people send more than 50 in a day, and almost nobody sends more than 100. We set it at 200 so we wouldn't have to hear from anybody who isn't bulk mailing.


   Dear Gentle Folk,

   What is the state of the art in dealing with users whose SASL password
has been compromised?

   Running CentOS, and latest postfix.

   When a password gets compromised, spam starts to pour out of the
server from endless numbers of IPs, to endless numbers of addresses.

   Rate limiting is interesting but doesn't really stop the spam.

   Counting client=[IP] addresses until a threshold is reached
is highly effective, but then what?  Change their password?

   Thanks in advance.

   Homer

------------------------------------------------------------------------
Homer Wilson Smith   Clean Air, Clear Water,    Art Matrix - Lightlink
(607) 277-0959       A Green Earth, and Peace,  Internet, Ithaca NY
ho...@lightlink.com  Is that too much to ask? http://www.lightlink.com

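The three controls discussed in this thread (the reply's failed-login lockout and per-user daily send quota, and the original question's count of distinct client IPs per SASL user) as an added example in Python. This is not code from the thread or from Postfix itself; the class names, the `SAMPLE_LOG` lines, the user names and the IP addresses are all constructed for illustration, and the log parser assumes the `client=host[ip], sasl_method=..., sasl_username=...` field layout that Postfix smtpd writes for authenticated sessions.

```python
"""Constructed helper code: lockout, daily quota and distinct-IP detection.
Hypothetical policy logic; not a Postfix feature and not the thread's own."""
import re
from collections import defaultdict, deque

LOCKOUT_FAILURES = 6        # more than 6 failed logins ...
LOCKOUT_WINDOW = 10 * 60    # ... within 10 minutes ...
LOCKOUT_DURATION = 10 * 60  # ... disables the account for 10 minutes
DEFAULT_DAILY_LIMIT = 200   # outgoing messages per user per day


class AuthThrottle:
    """Sliding-window counter of failed logins with a temporary lockout."""

    def __init__(self):
        self.failures = defaultdict(deque)  # account -> failure timestamps
        self.locked_until = {}              # account -> unix time lock expires

    def is_locked(self, account, now):
        return self.locked_until.get(account, 0) > now

    def record_failure(self, account, now):
        """Record one failed login; return True if the account is now locked."""
        window = self.failures[account]
        window.append(now)
        while window and window[0] <= now - LOCKOUT_WINDOW:
            window.popleft()               # drop failures older than the window
        if len(window) > LOCKOUT_FAILURES:
            self.locked_until[account] = now + LOCKOUT_DURATION
            window.clear()                 # start a fresh count after the lockout
        return self.is_locked(account, now)


class SendQuota:
    """Per-user daily outbound cap with per-account raised limits."""

    def __init__(self, default_limit=DEFAULT_DAILY_LIMIT):
        self.default_limit = default_limit
        self.overrides = {}            # account -> individually raised limit
        self.sent = defaultdict(int)   # (account, day) -> messages sent

    def set_limit(self, account, limit):
        self.overrides[account] = limit

    def allow_send(self, account, day):
        """Count one outgoing message; False once the day's limit is reached."""
        limit = self.overrides.get(account, self.default_limit)
        if self.sent[(account, day)] >= limit:
            return False
        self.sent[(account, day)] += 1
        return True


# Postfix smtpd logs an authenticated session as, for example:
#   ...: client=host.example[192.0.2.10], sasl_method=PLAIN, sasl_username=alice
CLIENT_RE = re.compile(r"client=\S+\[([0-9a-fA-F.:]+)\].*?sasl_username=([^\s,]+)")

# Constructed sample log lines (hosts, IPs and users are made up).
SAMPLE_LOG = [
    "May  1 10:00:01 mx postfix/smtpd[311]: 1A2B: client=h1.example[192.0.2.10], sasl_method=PLAIN, sasl_username=alice",
    "May  1 10:00:05 mx postfix/smtpd[311]: 1A2C: client=h2.example[198.51.100.7], sasl_method=PLAIN, sasl_username=alice",
    "May  1 10:00:09 mx postfix/smtpd[312]: 1A2D: client=h3.example[203.0.113.44], sasl_method=LOGIN, sasl_username=alice",
    "May  1 10:00:12 mx postfix/smtpd[312]: 1A2E: client=home.example[192.0.2.77], sasl_method=PLAIN, sasl_username=bob",
    "May  1 10:00:20 mx postfix/smtpd[313]: 1A2F: client=h1.example[192.0.2.10], sasl_method=PLAIN, sasl_username=alice",
    "May  1 10:00:25 mx postfix/smtpd[313]: 1A30: client=unknown[192.0.2.99]",   # unauthenticated, ignored
]


def distinct_client_ips(log_lines):
    """Map each SASL user to the number of distinct client IPs it logged in from."""
    ips = defaultdict(set)
    for line in log_lines:
        m = CLIENT_RE.search(line)
        if m:
            ips[m.group(2)].add(m.group(1))
    return {user: len(addrs) for user, addrs in ips.items()}


def suspicious_accounts(log_lines, threshold):
    """Users seen from at least `threshold` distinct IPs, sorted for stable output."""
    counts = distinct_client_ips(log_lines)
    return sorted(user for user, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    throttle = AuthThrottle()
    for i in range(7):
        locked = throttle.record_failure("bob", 1000 + i)
    print("bob locked after 7 failures in a minute:", locked)
    quota = SendQuota()
    quota.set_limit("newsletter", 1000)
    print("distinct IPs per user:", distinct_client_ips(SAMPLE_LOG))
    print("accounts at threshold 3:", suspicious_accounts(SAMPLE_LOG, 3))
```

The lockout and the quota are deliberately independent, matching the reply: the lockout limits how fast a password can be guessed, while the quota bounds the damage once a password is already in someone else's hands. The distinct-IP count is the detection signal the original question describes, and its output is a list of accounts for a human to act on (reset the password, contact the user), not an automatic block.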