Date: Mon, 7 Apr 2014 17:44:03 +0300
From: Lena@lena.kiev.ua
To: freebsd-questions@freebsd.org
Cc: Matthias Apitz <guru@unixarea.de>
Subject: Re: theft of 18,000,000 mail accounts and passwords
Message-ID: <20140407144403.GF784@lena.kiev>
In-Reply-To: <20140406154313.GA3062@La-Habana>
References: <mailman.89.1396872001.95290.freebsd-questions@freebsd.org>
> The German Governmental Office about Security in Information informs that
> the police got access to a database of 18,000,000 stolen mail accounts

> how the criminals
> could get access to this amount of mail accounts and passwords

I think, mostly drive-by exploit kits (designed for Windows only,
using vulnerabilities in Windows, browsers and their plugins -
Java, Acrobat, Flash) steal stored passwords and install
form-grabbing malware. Also phishing and checking for common passwords.

> and if we
> as FreeBSD users could be targeted by some of the methods.

Yes, by some: checking for common passwords (like user john, password 12345
or user test, password test) via POP3 and SMTP.

I invoke the POP3 server (port mail/popa3d) from inetd with rate limiting:

pop3  stream tcp nowait/0/5 root /usr/local/libexec/popa3d popa3d
pop3s stream tcp nowait/0/7 root /usr/local/bin/stunnel stunnel /usr/local/etc/stunnel/popa3d.conf

Here 5 and 7 are limits: connections per minute from the same IP address.
The limit often is triggered.

For Exim - automatic blocking of such password-cracking attempts
and automatic blocking of using stolen passwords for spamming,
entirely in Exim config:

https://github.com/Exim/exim/wiki/BlockCracking

If you provide email service for users (not only yourself),
then consider that most users use Windows, so their passwords will be
stolen and used for spamming; it's just a matter of time.
Therefore, you absolutely need automatic blocking of stolen passwords,
else you'll be blacklisted. Simple ratelimits are better than nothing
but inconvenience honest users and still allow spam to trickle through.
Exim allows using the above-linked code to catch spammers early.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140407144403.GF784>
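
Added example (not part of the message above, and not the BlockCracking code): a per-IP sliding-window counter run over constructed login events, comparing a limit on all connections per minute, as in the inetd lines, with a limit on failed logins only. The log format, the addresses, the function name burst_ips and the threshold of 5 are assumptions made for this illustration, and the sliding window only approximates inetd's per-minute accounting.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed events, one per connection: "time client-IP login result".
# Hypothetical format for illustration; not what popa3d, stunnel or Exim log.
SAMPLE_LOG = """\
2014-04-07T10:00:00 198.51.100.20 alice OK
2014-04-07T10:00:02 203.0.113.9 john FAIL
2014-04-07T10:00:04 203.0.113.9 test FAIL
2014-04-07T10:00:05 198.51.100.20 bob OK
2014-04-07T10:00:06 203.0.113.9 admin FAIL
2014-04-07T10:00:08 203.0.113.9 info FAIL
2014-04-07T10:00:10 198.51.100.20 carol OK
2014-04-07T10:00:10 203.0.113.9 john FAIL
2014-04-07T10:00:12 203.0.113.9 test FAIL
2014-04-07T10:00:15 198.51.100.20 dave OK
2014-04-07T10:00:20 198.51.100.20 erin FAIL
2014-04-07T10:00:25 198.51.100.20 erin OK
2014-04-07T10:00:30 192.0.2.77 john FAIL
2014-04-07T10:01:00 192.0.2.77 test FAIL
2014-04-07T10:01:30 192.0.2.77 admin FAIL
2014-04-07T10:02:00 192.0.2.77 info FAIL
2014-04-07T10:02:30 192.0.2.77 root FAIL
2014-04-07T10:03:00 192.0.2.77 guest FAIL
"""

def burst_ips(log_text, limit=5, failures_only=False, window=timedelta(minutes=1)):
    """Return IPs with more than `limit` counted events inside any `window` span."""
    recent = defaultdict(deque)      # ip -> timestamps still inside the window
    flagged = set()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue                 # skip malformed lines
        stamp, ip, _login, result = fields
        if failures_only and result != "FAIL":
            continue                 # successful logins do not count in this mode
        when = datetime.fromisoformat(stamp)
        seen = recent[ip]
        seen.append(when)
        while when - seen[0] >= window:
            seen.popleft()           # drop events that fell out of the window
        if len(seen) > limit:
            flagged.add(ip)
    return flagged

if __name__ == "__main__":
    print("all connections:", sorted(burst_ips(SAMPLE_LOG)))
    print("failed logins:  ", sorted(burst_ips(SAMPLE_LOG, failures_only=True)))
```

Counting every connection also flags 198.51.100.20, a shared address with several legitimate mailboxes, while counting only failures flags just the fast guesser; the slow guesser at 192.0.2.77 stays under both per-minute limits.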