[Dovecot] 64.31.19.48 attempt to break into my computer

Mike Cardwell dovecot at lists.grepular.com
Thu Sep 22 17:27:25 EEST 2011


On 22/09/11 15:21, Ralf Hildebrandt wrote:

>> The University I work at was suffering from this a *lot*. Phishers kept
>> contacting our users pretending to be from our IT helpdesk asking users
>> to reply with their login details so that their mailbox could be
>> refreshed or so their quota could be fixed and other such things.
> 
> Same here.
> 
>> So I developed an application that sits on our outgoing mail routers
>> looking for login credentials inside emails. If it finds any, it
>> blackholes the email and sends an autoresponse to the sender telling
>> them to never ever send login details via email under any circumstances.
>> It Cc's me in too, and it catches people emailing their logins around on
>> a *daily* basis.
> 
> clamav is supposed to be capable of that functionality
>
>> Our usernames follow a very strict format, and we have a pretty strict
>> password policy so what my program does is pull out a list of all the
>> *possible* usernames and passwords and then attempts to authenticate
>> against our AD using them.
> 
> Ah!
> That's a nice idea.

Perhaps, if you have a list of the plain text passwords in advance, you
could use ClamAV. In our case, we don't, as we're using an AD. I actually
copied the ClamAV TCP and local interface API so that any MTA which can
plug into ClamAV is also able to plug into Kochi. That's one of the
things the framework provides.

-- 
Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
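
The check described in the quoted text above (pull every possible username and password out of an outgoing message, then try them against the directory), sketched as an added example that is not Kochi's code and not from the original post. The username pattern, the password policy, the per-message attempt cap and the `verify` callback (a stand-in for a bind against AD) are all assumptions.

```python
import re
from typing import Callable, Optional

# Assumed username format (hypothetical): 2-3 lowercase letters, then 3-5 digits.
USERNAME_RE = re.compile(r"[a-z]{2,3}\d{3,5}")
MAX_ATTEMPTS = 20  # assumed per-message cap, to keep lockout counters safe

def meets_policy(s: str) -> bool:
    """Assumed password policy: 8-64 chars with upper, lower and digit."""
    return (8 <= len(s) <= 64 and any(c.isupper() for c in s)
            and any(c.islower() for c in s) and any(c.isdigit() for c in s))

def candidates(body: str) -> list:
    """Every token, plus punctuation-stripped and key:value / key=value forms."""
    seen = {}
    for raw in body.split():
        forms = [raw, raw.strip(".,;:!?()[]<>\"'")]
        forms += [raw.split(sep, 1)[1] for sep in ":=" if sep in raw]
        for form in forms:
            if form:
                seen.setdefault(form, None)  # dict keeps first-seen order
    return list(seen)

def find_leaked_login(body: str, verify: Callable[[str, str], bool],
                      max_attempts: int = MAX_ATTEMPTS) -> Optional[str]:
    """Return the username of a credential pair in body that verify() accepts."""
    cands = candidates(body)
    users = [c for c in cands if USERNAME_RE.fullmatch(c)]
    passwords = [c for c in cands if meets_policy(c)]
    attempts = 0
    for user in users:
        for password in passwords:
            if attempts >= max_attempts:
                return None
            attempts += 1
            if verify(user, password):
                return user  # report the account only, never the password
    return None

# Constructed sample message and a stand-in for the directory bind.
SAMPLE_BODY = ("Hello helpdesk,\nas requested: username: jd1234 and "
               "password: Winter2011Rain!\nPlease fix my quota.")
FAKE_DIRECTORY = {"jd1234": "Winter2011Rain!"}

def fake_verify(user: str, password: str) -> bool:
    return FAKE_DIRECTORY.get(user) == password

if __name__ == "__main__":
    print(find_leaked_login(SAMPLE_BODY, fake_verify))
```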
