21 Jul 2010, 2:29 p.m.
A relatively recent development that spammers got wind of is users that have username==password, with/without the domain. I am tracking numerous one-off attempts from bots to gain access to mailboxes this way. Situation isn't made any better if you're also using Dovecot as SMTP AUTH provider for I am ashamed to admit I've relayed some spam that way. Would it be possible to deny login if username==password with a (non?)polite/custom message to go change your password to something less obvious?
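An offline audit for the condition described in this post, added here as an example and not part of the original message or of Dovecot itself: it scans an account list for users whose password equals their login name, with or without the domain. It assumes passwd-file style lines (`user:password:...`) with `{SSHA}` or `{PLAIN}` password values; the sample accounts, salts and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

def ssha(password: str, salt: bytes) -> str:
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def matches(stored: str, candidate: str) -> bool:
    """Check one candidate password against a stored {PLAIN} or {SSHA} value."""
    if stored.startswith("{PLAIN}"):
        return hmac.compare_digest(stored[7:].encode(), candidate.encode())
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[6:])
        digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, salt follows
        guess = hashlib.sha1(candidate.encode() + salt).digest()
        return hmac.compare_digest(guess, digest)
    return False  # other schemes are not checked by this example

def candidates(user: str) -> list:
    """Login name with and without the domain, as typed and lowercased."""
    local = user.split("@", 1)[0]
    out = []
    for c in (user, local, user.lower(), local.lower()):
        if c not in out:
            out.append(c)
    return out

def audit(passwd_lines) -> list:
    """Return the users whose stored password is their own login name."""
    weak = []
    for line in passwd_lines:
        fields = line.strip().split(":")
        if len(fields) < 2 or not fields[0] or fields[0].startswith("#"):
            continue
        user, stored = fields[0], fields[1]
        if any(matches(stored, c) for c in candidates(user)):
            weak.append(user)
    return weak

# Constructed sample accounts (fixed salts so the output is reproducible).
SAMPLE = [
    "alice@example.com:" + ssha("alice", b"s1s1") + ":::::",
    "Bob@Example.com:" + ssha("bob@example.com", b"s2s2") + ":::::",
    "carol@example.com:" + ssha("correct horse battery", b"s3s3") + ":::::",
    "dave:{PLAIN}dave:::::",
]

if __name__ == "__main__":
    for user in audit(SAMPLE):
        print("password equals login name:", user)
```

Accounts flagged this way can be forced through a password change before bots find them.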