On 07.10.13 15:42, Marek Podmaka wrote:
> During the last week we had 2 different email accounts compromised and used to send thousands of spams via our mailserver. Users were authenticated via SASL and connections were from many different IPs (different countries), so it looks like some botnet. But both users had 8-character random passwords, each IP is limited to only 5 unsuccessful SASL attempts via fail2ban, so I guess there must be some kind of virus in the wild which is stealing email passwords from users' computers...

Do you require or at least provide SSL/TLS encryption for SMTP users? While the possibility of such malware is quite high (there was already malware stealing FTP passwords), it may not be able to sniff encrypted connections.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Microsoft dick is soft to do no harm
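
The pattern described in this thread (successful SASL logins for one account from many unrelated IPs) never trips a per-IP failure limit, but it can be detected by counting distinct client addresses per authenticated user. The sketch below is an added example, not code from either poster; it assumes Postfix-style `smtpd` log lines, and the threshold, accounts and addresses are constructed.

```python
import re
from collections import defaultdict

# Matches a successful authenticated session line. The Postfix smtpd log
# format is an assumption; the thread does not name the mail server.
SASL_RE = re.compile(
    r"client=\S*\[(?P<ip>[0-9a-fA-F.:]+)\].*?sasl_username=(?P<user>\S+)"
)

# Constructed sample log (documentation IP ranges, made-up accounts).
SAMPLE_LOG = """\
Oct  7 15:01:02 mx postfix/smtpd[2101]: 3A1B2C: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=alice@example.org
Oct  7 15:01:09 mx postfix/smtpd[2102]: 3A1B2D: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=alice@example.org
Oct  7 15:01:15 mx postfix/smtpd[2103]: 3A1B2E: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=alice@example.org
Oct  7 15:01:21 mx postfix/smtpd[2104]: 3A1B2F: client=unknown[192.0.2.77], sasl_method=LOGIN, sasl_username=alice@example.org
Oct  7 15:01:30 mx postfix/smtpd[2105]: 3A1B30: client=unknown[198.51.100.200], sasl_method=LOGIN, sasl_username=alice@example.org
Oct  7 15:02:00 mx postfix/smtpd[2106]: 3A1B31: client=office.example.org[203.0.113.50], sasl_method=PLAIN, sasl_username=bob@example.org
Oct  7 15:09:00 mx postfix/smtpd[2107]: 3A1B32: client=office.example.org[203.0.113.50], sasl_method=PLAIN, sasl_username=bob@example.org
Oct  7 15:30:00 mx postfix/smtpd[2108]: 3A1B33: client=home.example.net[192.0.2.99], sasl_method=PLAIN, sasl_username=bob@example.org
Oct  7 15:31:00 mx postfix/smtpd[2109]: warning: unknown[192.0.2.5]: SASL LOGIN authentication failed: authentication failure
Oct  7 15:32:00 mx postfix/smtpd[2110]: 3A1B34: client=mail.example.com[198.51.100.25]
"""


def distinct_ips_per_user(lines):
    """Map each SASL username to the set of client IPs it authenticated from."""
    seen = defaultdict(set)
    for line in lines:
        m = SASL_RE.search(line)
        if m:  # failed logins and unauthenticated sessions do not match
            seen[m.group("user")].add(m.group("ip"))
    return seen


def suspicious_accounts(lines, max_ips=3):
    """Return {user: ip_count} for accounts seen from more than max_ips IPs.

    max_ips is a hypothetical threshold; tune it to how your users roam.
    """
    per_user = distinct_ips_per_user(lines)
    return {u: len(ips) for u, ips in per_user.items() if len(ips) > max_ips}


if __name__ == "__main__":
    hits = suspicious_accounts(SAMPLE_LOG.splitlines())
    for user, count in sorted(hits.items()):
        print(f"{user}: authenticated from {count} distinct IPs")
```

Run over a bounded time window (for example the last hour of the mail log) so that ordinary roaming over days does not accumulate into a false positive.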