Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Charles Sprickman (sporkbway.net)
Date: Sun Jul 19 2009 - 15:42:38 CDT
On Sat, 18 Jul 2009, Damian Myerscough wrote:
> Just out of curiosity how do you let your users change their passwords?
There's a few routes, since vpopmail basically stores everything in a
-a squirrelmail plugin
-a standalone php page
-Freeside's account management page
-"passwd" on the shell server (which is hooked-in to the vpopmail db via
> 2009/7/18 Charles Sprickman <sporkbway.net>:
>> On Sat, 18 Jul 2009, ram wrote:
>>> We run smtp services for our clients using smtp-auth. And nowadays we
>>> also enforce a strong password (minimum alphanumeric)
>>> But still people's passwords get compromised. Even a relatively strong
>>> password. To save our postfix servers I have implemented rate-limits ,
>>> and outgoing spam scanning.
>>> How do spammers get these passwords ??
>> I see our users hit with phishing attempts every few months, and the pattern
>> seems to be that once one phishing attempt hits, there's a few more in the
>> same week. Usually shortly thereafter we find at least one account that is
>> being abused either at the smtp or webmail level to spew spam.
>> Oddly enough, the "quality" of the phish does not seem to change the numbers
>> - the truly ridiculous ones that are written in broken english and have
>> quite farcical return addresses seem to work as well as the more carefully
>> forged ones. Each time we block the reply address(es) and send a warning
>> message stating again that we "will never ask you for your password". Yet
>> each time someone falls for it...
> Damian Myerscough