I am getting the following message on 6.0a3-3.

 

Spammer sending detected on 122.164.135.108 from multiple ip addresses (8), change users password urgently, or set g_breakin_white enduser@somedomain.com or disable by setting to *, use tellmail breakin_release to unlock the account.

 

The problem is that there are spammers out there that have somehow managed to come up with quite a few usernames on different domains.  They are then trying to brute force the end uers’s password which in turn triggers the lockout of the account.  It’s become quite an annoyance because I have to stop what I am doing to unlock accounts.  I really don’t want to remove the lock out policy but at the same time it’s causing a lot of grief right now.    I’ve searched for g_breakin_white with the Find Config Setting search but nothing is coming up.

 

 

Any suggestions on how to handle this?

 

 

Richey

My personal recommendation is to make the lock out period shorter.  Ours is set to 10 minutes.  Then it auto resets.  It's enough to discourage the hackers.  It is annoying for users setting up their smart phone as the auto configure can cause an account lock out.

But telling them about the 10 mins and asking them to set their phone down and go get a cup of coffee and if it's configured right, it will be working by the time they get back.  And my customers are good with that.

Lyle Giese
LCR Computer Services, Inc.