Re: OT: Why are my servers strong passwords compromised

From: Charles Sprickman (sporkbway.net)
Date: Sun Jul 19 2009 - 15:42:38 CDT


On Sat, 18 Jul 2009, Damian Myerscough wrote:

> Hello,
>
> Just out of curiosity how do you let your users change their passwords?

There are a few routes, since vpopmail basically stores everything in a
database:

-a squirrelmail plugin
-a standalone php page
-Freeside's account management page
-"passwd" on the shell server (which is hooked-in to the vpopmail db via
pam_mysql)

Charles

> 2009/7/18 Charles Sprickman <sporkbway.net>:
>> On Sat, 18 Jul 2009, ram wrote:
>>
>>> We run smtp services for our clients using smtp-auth. And nowadays we
>>> also enforce a strong password (minimum alphanumeric)
>>> But still people's passwords get compromised. Even a relatively strong
>>> password. To save our postfix servers I have implemented rate-limits,
>>> and outgoing spam scanning.
>>> [...]
>>> How do spammers get these passwords??
>>
>> I see our users hit with phishing attempts every few months, and the pattern
>> seems to be that once one phishing attempt hits, there are a few more in the
>> same week.  Usually shortly thereafter we find at least one account that is
>> being abused either at the smtp or webmail level to spew spam.
>>
>> Oddly enough, the "quality" of the phish does not seem to change the numbers
>> - the truly ridiculous ones that are written in broken English and have
>> quite farcical return addresses seem to work as well as the more carefully
>> forged ones.  Each time we block the reply address(es) and send a warning
>> message stating again that we "will never ask you for your password".  Yet
>> each time someone falls for it...
>>
>> Charles
>>
>>>
>>> Thanks
>>> Ram
>>>
>>>
>>>
>>
>
>
>
> --
> Regards,
> Damian Myerscough
>