well, i can't really answer that, but given that:
1. he is a retired ibmer (like me), and an IT professional and
2. they do not use mobile devices to access the net and
3. there was no evidence of malware on the machine that uses the account
i'm not sure how that can play.....
david camm
advanced web systems
keller, tx
On 4/18/2016 4:57 PM, Glenn Meadows wrote:
> Does he use a common password at multiple sites?
> --
> Glenn Meadows
> Mayfield Mastering
> 2825 Erica Place
> Nashville, TN 37204
> 615-383-3708
> On 4/18/2016 4:56 PM, David Camm wrote:
>> this is very interesting, and i'm not surprised. people do all sorts
>> of silly things, like logging in to their bank from a hotel lobby.
>>
>> in my latest case, the customer does not use mobile devices at all,
>> and deep scans of the computer that uses the compromised account
>> didn't show any malware.
>>
>> since we lock out after failed logins, i have no idea how this
>> account's password was compromised.
>>
>> david camm
>> advanced web systems
>> keller, tx
>>
>>
>> On 4/18/2016 10:22 AM, Lyle wrote:
>>> Just an FYI on this subject. We had problems with certain accounts
>>> getting their password stolen. All cell phone users.
>>>
>>> After we added an SSL certificate and converted those users to using
>>> SSL for both SMTP and IMAP, this problem seemed to disappear on its
>>> own.
>>>
>>> Kinda points to compromises via public WiFi points...
>>>
>>> Lyle
>>>
>>> On 04/18/16 09:52, Ed wrote:
>>>> Hi,
>>>>
>>>> Try g_from_check and g_from_noforgeme there are some other
>>>> strategies but this will get you started.
>>>>
>>>> --Ed
>>>>
>>>> On 04/18/2016 10:36 AM, David Camm wrote:
>>>>> every once in a while - luckily not too often, a user's machine
>>>>> picks up some malware and the result is that their smtp credentials
>>>>> are stolen and then used by the bad guys to send a bunch of spam.
>>>>>
>>>>> apparently they can log in but then send with a completely different
>>>>> 'from' address.
>>>>>
>>>>> since we require the complete email address as part of smtp login (ie
>>>>> HIDDEN@advwebsys.com), is there some setting or some rule which would
>>>>> reject any attempt to log in as 'HIDDEN@validdomain.com' with a from
>>>>> address of, say 'HIDDEN@nny@invaliddomain.eu'?
>>>>>
>>>>> david camm
>>>>> advanced web systems
>>>>> keller, tx
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>>
>>
>>
>
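The rule asked about at the start of this thread (reject an authenticated SMTP submission whose sender address does not belong to the login), sketched as an added example that is not part of the thread and is not the mail server's own configuration or code. The function names, the alias table and the `.example` addresses are constructed for illustration, and treating the local part as case-insensitive is an assumption.

```python
# Added example: sender-vs-login policy check for authenticated submission.
# All names and addresses here are hypothetical / constructed.
from email.utils import getaddresses


def _norm(addr):
    """Lower-case an address; return None unless it is exactly local@domain."""
    addr = addr.strip().strip("<>")
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain or "@" in local:
        return None  # empty/null sender, or a malformed double-@ address
    return f"{local.lower()}@{domain.lower()}"


def check_sender(auth_login, mail_from, header_from, allowed_aliases=None):
    """Return (accept, reason) for one authenticated message.

    auth_login   - full address used for SMTP AUTH
    mail_from    - envelope sender from the MAIL FROM command
    header_from  - raw value of the message's From: header
    allowed_aliases - optional {login: [extra addresses the login may use]}
    """
    allowed = {_norm(auth_login)}
    for alias in (allowed_aliases or {}).get(auth_login.lower(), ()):
        allowed.add(_norm(alias))
    allowed.discard(None)
    if not allowed:
        return False, "login is not a full email address"

    # Envelope check: a stolen credential sending as another address fails here.
    if _norm(mail_from) not in allowed:
        return False, f"envelope sender {mail_from!r} not owned by {auth_login}"

    # Header check: From: may carry a display name or several addresses;
    # every address in it must belong to the login.
    hdr = [_norm(a) for _, a in getaddresses([header_from])]
    if not hdr or any(h not in allowed for h in hdr):
        return False, f"header From {header_from!r} not owned by {auth_login}"
    return True, "sender matches authenticated login"


if __name__ == "__main__":
    login = "user@validdomain.example"
    print(check_sender(login, "user@validdomain.example", "User <user@validdomain.example>"))
    print(check_sender(login, "danny@invaliddomain.example", "Danny <danny@invaliddomain.example>"))
```

Checking both the envelope and the header matters because a sender can pass one while forging the other; the reject reasons are also worth logging, since a burst of mismatches on one login is an early sign of stolen credentials.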