- Mike Cardwell dovecot@lists.grepular.com:
The University I work at was suffering from this a *lot*. Phishers kept contacting our users pretending to be from our IT helpdesk asking users to reply with their login details so that their mailbox could be refreshed or so their quota could be fixed and other such things.
Same here.
So I developed an application that sits on our outgoing mail routers looking for login credentials inside emails. If it finds any, it blackholes the email and sends an autoresponse to the sender telling them to never ever send login details via email under any circumstances. It Cc's me in too, and it catches people emailing their logins around on a *daily* basis.
clamav is supposed to be capable of that functionality
Our usernames follow a very strict format, and we have a pretty strict password policy so what my program does is pull out a list of all the *possible* usernames and passwords and then attempts to authenticate against our AD using them.
Ah! That's a nice idea.
-- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt@charite.de | http://www.charite.de