SurgeMail Archive: re: Re: [SurgeMail List] customer email account hijacked

Subject:	re: Re: [SurgeMail List] customer email account hijacked - anything i
From:	Support
Date:	28-Jun-2012
g_safe_smtp which requires that users authenticating to relay via SMTP have recently also authenticated via POP3/IMAP. This seems to have effectively stopped all of this type of abuse on the systems I run. This doesn't stop end users from giving away their credentials of course, but it helps prevent the abuse of your server in the end... at least until the people stealing the credentials realize they can get around this by authenticating via POP3/IMAP prior to relaying via auth SMTP. :( i had this set MANY moons ago on dmail. however, i stopped using it, since as i recollect, you couldn't set the allowable interval between pop/imap login and send request. Just to clarify, it's not the same setting as the relay window used in dmail, it's very similar but it's 'as well as authenticated' not 'instead of' The result is normal users mostly won't notice the setting, but dumb mass email robots farms will consistently hit it and be blocked. ChrisP.


Search website: