
On Fri, 13 Jul 2012, Rick Moen <rick@linuxmafia.com> wrote:
> Quoting Russell Coker (russell@coker.com.au):
> > http://etbe.coker.com.au/2012/07/09/postfwd-local-email/
> > I recently had a SMTP AUTH account compromised.
>
> Connection attempts to an MTA can be made at a rate orders of magnitude
> faster than can be made to an sshd.

If they did make lots of connections then I would have noticed. The number of login errors etc didn't increase much.

> Also, I'll note your blog takes as given that guessing the password was
> the vector for compromise. Could be, or might not be.

If they had some better way of gaining access then they would have done something more useful than send out spam from the test account. If they were doing something more useful then they wouldn't have sent out spam to avoid drawing attention to themselves.

-- 
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/