I am using PLAIN text passwords I'm afraid. I will be changing that now though.
I very tired of these password hacks.
Since this will be a new process for me I have questions: In changing the
server to require encrypted passwords, will I need to contact all my clients
and have them change the way they connect? Or will their email clients just
automate the change?
From: c...@milos.co.za c...@milos.co.za
To: vchkpw@inter7.com
Sent: Wednesday, March 5, 2014 6:45 AM
Subject: [vchkpw] [SPAM] Re: [vchkpw] [SPAM] Re: [vchkpw] [SPAM] Re: [vchkpw]
Qmail maillog vchkpw-submission vs vchkpw-smtp
It doesn't matter how good your password is if you're using plaintext
connections :)
Since every MUA I've used i nthe last few years supports SSL or TLS I should
really get around to deprecating pop3 and imap and only using pop3s and imaps.
This is especially imporant since some govts are trying to push through laws
forcing ISP's to store all of the data each of their users downloads meaning
that your unencrypted data will remain stored for however long is legislated
with access by who knows how many people.
\\Clay
On 2014-03-05 07:57, Tom Collins wrote:
The submission entries outside the US could very well be from hacked accounts.
I'm finding a surprising number of compromised accounts (once a week?),
including users with good passwords, so I have to assume they're snooped on
public wireless, or their computers are compromised by malware of some sort.
The vckpw-smtp entries from outside the US are probably also hacked accounts,
since mail received from remote servers doesn't include authentication.
Sorry I wasn't thinking clearly in my previous response -- I forgot these
were vchkpw entries and are only related to authentication. I was thinking
about qmail logs.
-Tom
On Mar 4, 2014, at 10:43 PM, LHTek wrote:
Thanks for the reply.
NOTE: None of my users will have sent anything from outside the US.
I've got some log entries for vchkpw-submission (marked as successful in the
log) with non-US IP's (Russia, Egypt, Honk Kong, etc).In my analysis I'm
marking those entries as hacked accounts.
From what I read from your response, vchkpw-smtp (marked as successful in
the log) entries could be mail sent TO my server FROM another server on port
25. That tells me those are probably safe submissions - even if they are
from overseas IPs. Am I thinking correctly?
From: Tom Collins t...@tomlogic.com
To: vchkpw@inter7.com
Sent: Wednesday, March 5, 2014 12:02 AM
Subject: Re: [vchkpw] Qmail maillog vchkpw-submission vs vchkpw-smtp
vchkpw-submission is on port 587, and is typically used for emai clients
relaying mail. It's often set up to require authentication.
vchkpw-smtp is on port 25, and can be used for email clients to relay mail,
or by other servers delivering mail to your server.
-Tom
On Mar 4, 2014, at 9:41 PM, LHTek wrote:
In the /var/log/maillog file what is the difference between these 2 entries
(vchkpw-submission, vchkpw-smtp)?
example:
Mar 4 17:27:03 michael vpopmail[14701]: vchkpw-submission: (PLAIN) login
success t...@domain.com:64.185.3.238
Mar 4 10:54:42 michael vpopmail[29027]: vchkpw-smtp: (PLAIN) login
success t...@domain.com:64.57.239.114
!DSPAM:531743f234265098613353!
