Does he use a common password at multiple sites?

--
Glenn Meadows
Mayfield Mastering
2825 Erica Place
Nashville, TN 37204
615-383-3708

this is very interesting, and i'm not surprised. people do all sorts of silly things, like logging in to their bank from a hotel lobby.

in my latest case, the customer does not use mobile devices at all, and deep scans of the computer that uses the compromised account didn't show any malware.

since we lock out after failed logins, i have no idea how this account's password was compromised.

david camm
advanced web systems
keller, tx


On 4/18/2016 10:22 AM, Lyle wrote:

Just an FYI on this subject.� We had problems with certain accounts getting their password stolen.� All cell phone users.

After we added an SSL certificate and converted those users to using SSL for both SMTP and IMAP, this problem seemed to disappear on it's own.

Kinda points to compromises via public WiFi points...

Lyle

On 04/18/16 09:52, Ed wrote:

Hi,

Try g_from_check and g_from_noforgeme��� there are some other strategies but this will get you started.

--Ed

On 04/18/2016 10:36 AM, David Camm wrote:

every once in a while - luckily not too often, a user's machine picks up
some malware and the result is that their smtp credentials are stolen
and then used by the bad guys to send a bunch of spam.

apparently they can log in but then send with a completely different
'from' address.

since we require the complete email address as part of smtp login (ie
dcamm@advwebsys.com), is there some setting or some rule which would
reject any attempt to log in as 'usera@validdomain.com' with a from
address of, say 'snowbunny@invaliddomain.eu'?

david camm
advanced web systems
keller, tx