Educause Security Discussion mailing list archives
Re: Compromise Email Accounts
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Tue, 3 Feb 2009 20:35:35 +1300
On 31/01/2009, at 5:23 AM, Joe Vieira wrote:
Currently we have a python script to detect compromised accounts(runs once an hour). it runs thru postfix logs looking for bounces, and at a certain threshold will lock out your account. Basically the idea is that, NO ONE actually generates 100+ bounces in one hour, and if they do, they are probably spamming people.
BIngo! why didn't I think of that! Will modify my script to do that and see how it goes... Thanks, Russell
Attachment:
smime.p7s
Description:
Current thread:
- Re: Compromise Email Accounts, (continued)
- Re: Compromise Email Accounts Jesse Thompson (Jan 21)
- Re: Compromise Email Accounts Jesse Thompson (Jan 21)
- Re: Compromise Email Accounts Zach Jansen (Jan 21)
- Re: Compromise Email Accounts Roger Safian (Jan 21)
- Re: Compromise Email Accounts Mike Porter (Jan 21)
- Re: Compromise Email Accounts Schumacher, Adam J (Jan 21)
- Re: Compromise Email Accounts Jesse Thompson (Jan 21)
- Re: Compromise Email Accounts Russell Fulton (Jan 29)
- Re: Compromise Email Accounts Sabo, Eric (Jan 29)
- Re: Compromise Email Accounts Joe Vieira (Jan 30)
- Re: Compromise Email Accounts Russell Fulton (Feb 02)
- Re: Compromise Email Accounts Daniel Bennett (Feb 03)
- Re: Compromise Email Accounts Steven Tardy (Feb 03)
- Re: Compromise Email Accounts Jeremy Mooney (Feb 03)
- Re: Compromise Email Accounts Steven Tardy (Feb 03)
- Re: Compromise Email Accounts Jeremy Mooney (Feb 04)
- Re: Compromise Email Accounts Kellogg, Brian D. (Feb 04)