[Dovecot] 64.31.19.48 attempt to break into my computer

Ralf Hildebrandt Ralf.Hildebrandt at charite.de
Thu Sep 22 17:21:52 EEST 2011


* Mike Cardwell <dovecot at lists.grepular.com>:

> The University I work at was suffering from this a *lot*. Phishers kept
> contacting our users pretending to be from our IT helpdesk asking users
> to reply with their login details so that their mailbox could be
> refreshed or so their quota could be fixed and other such things.

Same here.

> So I developed an application that sits on our outgoing mail routers
> looking for login credentials inside emails. If it finds any, it
> blackholes the email and sends an autoresponse to the sender telling
> them to never ever send login details via email under any circumstances.
> It Cc's me in too, and it catches people emailing their logins around on
> a *daily* basis.

ClamAV is supposed to be capable of that functionality.
 
> Our usernames follow a very strict format, and we have a pretty strict
> password policy so what my program does is pull out a list of all the
> *possible* usernames and passwords and then attempts to authenticate
> against our AD using them.

Ah!
That's a nice idea.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebrandt at charite.de | http://www.charite.de
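
An added sketch of the outgoing-mail check described in the quoted text above (not Mike Cardwell's program and not code from this thread): it pulls tokens that fit a username format and a password policy out of a message body and confirms a leak only when a pair authenticates. The username pattern, the password policy, the per-user attempt cap and the `authenticate` callable standing in for an AD bind are all assumptions, and the sample values are constructed.

```python
import re
from typing import Callable, Optional

# Assumed username format (hypothetical): 2-4 lowercase letters, then 2-4 digits.
USERNAME_RE = re.compile(r"[a-z]{2,4}[0-9]{2,4}")
EDGE_PUNCT = "\"'()[]<>,.;:!?"   # sentence punctuation that may cling to a token
MAX_TRIES_PER_USER = 3           # assumed; keep below the directory's lockout threshold


def looks_like_password(tok: str) -> bool:
    """Assumed policy (hypothetical): 8-20 chars with upper, lower and digit."""
    return (8 <= len(tok) <= 20
            and any(c.isupper() for c in tok)
            and any(c.islower() for c in tok)
            and any(c.isdigit() for c in tok))


def find_leaked_login(body: str,
                      authenticate: Callable[[str, str], bool]) -> Optional[str]:
    """Return the username whose working password appears in body, else None."""
    users, pwds = [], []
    for pos, raw in enumerate(body.split()):
        # Try the token as written and with edge punctuation trimmed, since a
        # trailing "." may be part of the password or just end the sentence.
        for cand in dict.fromkeys((raw, raw.strip(EDGE_PUNCT))):
            if USERNAME_RE.fullmatch(cand):
                users.append((pos, cand))
            elif looks_like_password(cand):
                pwds.append((pos, cand))
    tried: dict[str, list[str]] = {}
    for upos, user in users:
        seen = tried.setdefault(user, [])
        # Passwords written closest to the username are tried first.
        for _, pwd in sorted(pwds, key=lambda p: abs(p[0] - upos)):
            if pwd in seen:
                continue
            if len(seen) >= MAX_TRIES_PER_USER:
                break
            seen.append(pwd)
            if authenticate(user, pwd):
                return user   # report the account only; never log the password
    return None


# Constructed stand-in for the directory bind; a real filter would call AD here.
SAMPLE_DIRECTORY = {"jd1234": "Winter2011Rain"}

def sample_auth(user: str, password: str) -> bool:
    return SAMPLE_DIRECTORY.get(user) == password

SAMPLE_BODY = ("Hi helpdesk, my username is jd1234 and my password is "
               "Winter2011Rain. Please fix my quota. Ticket REF20110922Abc")
```

The attempt cap matters because every failed bind counts toward the account's lockout counter, so a message full of password-shaped tokens must not be allowed to lock out the sender.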
	    

