Mailing List SIMS@mail.stalker.com Message #15529
From: Clive Bruton <clive@indx.co.uk>
Subject: Re: Spam on my server
Date: Wed, 29 Aug 2007 15:37:06 +0100
To: SIMS Discussions <SIMS@mail.stalker.com>
X-Mailer: Apple Mail (2.752.2)

On 29 Aug 2007, at 15:06, Bill Cole wrote:

If you have SMTP AUTH or POP-before-SMTP enabled, it is likely that this is the result of the spammer guessing the password of some account and using that to open up relay access. Unfortunately, the most commonly guessed passwords are those of common accounts, e.g. 'postmaster'  for a SIMS system.

Is there SMTP auth in SIMS!? ("Advertise AUTH capability" - I've never been able to get that to work). POP-before-SMTP is the way it works right now.

Without deep logging, it is impossible to know for sure why SIMS let that mail through. I always recommend setting logging for every piece other than the HTTP module in SIMS to "All" but I'm a log fetishist. Having full logs is only problematic if you are  short on disk space and/or lack good tools for examining them, two problems that are readily fixed. Lacking full logs means you lack necessary data to be able to figure out unexpected events, and that missing information is gone for good.

Right, the data to track is gone. I thought I had pretty good passwords that weren't susceptible to dictionary-type attacks, but I have seen people trying these in the past. I am pretty short on disk space, and this (beige) G3 is overdue for retirement, so I don't think it's going to get upgraded. Perhaps I'll move some things around.

I can look through the logs with BBEdit, do you recommend something else?

I'll watch the logs over the next few weeks to see if I can find any repeated attempted log-ins.

Thanks


-- Clive
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster