[Dovecot] 64.31.19.48 attempt to break into my computer
Ralf Hildebrandt
Ralf.Hildebrandt at charite.de
Thu Sep 22 17:21:52 EEST 2011
* Mike Cardwell <dovecot at lists.grepular.com>:
> The University I work at was suffering from this a *lot*. Phishers kept
> contacting our users pretending to be from our IT helpdesk asking users
> to reply with their login details so that their mailbox could be
> refreshed or so their quota could be fixed and other such things.
Same here.
> So I developed an application that sits on our outgoing mail routers
> looking for login credentials inside emails. If it finds any, it
> blackholes the email and sends an autoresponse to the sender telling
> them to never ever send login details via email under any circumstances.
> It Cc's me in too, and it catches people emailing their logins around on
> a *daily* basis.
clamav is supposed to be capable of that functionality
> Our usernames follow a very strict format, and we have a pretty strict
> password policy so what my program does is pull out a list of all the
> *possible* usernames and passwords and then attempts to authenticate
> against our AD using them.
Ah!
That's a nice idea.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebrandt at charite.de | http://www.charite.de
More information about the dovecot
mailing list