Re: [qmailtoaster] Re: spam

[David Milholen]

Eric Shubert wrote: Jake Vickers wrote: On 04/09/2010 05:26 PM, Eric Shubert wrote: Jake Vickers wrote: On 04/09/2010 11:25 AM, madmac wrote: Is there then a way to secure squirrelmail, or any other webmail prog. This is a default install of qmail with the  ISO. Not having it is not an option, as most of the clients can only use webmail as they are on the road daily. Thanks I use fail2ban to monitor for brute-force attacks. Works on pop3 as well. fail2ban is good for brute-force attacks all right, but useless if a password is sniffed. Best to be sure that no passwords travel the internet in the clear. True - I run everything using SSL myself. I normally do not see too many passwords sniffed. I can provide gigs worth of logs of brute force attempts. ;) Yeah, I've only seen pw sniffed once. Lots of "script kiddies" out there though. I shut off pop3 entirely, and users use pop3-ssl. Haven't noticed any brute-force attacks on IMAP, or SMTP for that matter (doesn't mean there haven't been any though). I am migrating everything over to ssl slowly but in oder to do a full move without people noticing the pop up one time I need a fix on my self signed cert so it doesnt pop up everytime I login.  I am looking into it but just havent had time to figure out what I did wrong when I did the cert. --dave -- David Milholen Project Engineer 501-318-1300 Wireless Etc