Nexology Community
 
     
 
   

Go Back   Nexology Community > Nexus Zone > News and Announcements
Reload this Page Tightening Mail Server Security

Closed Thread
 
LinkBack Thread Tools Display Modes
Old 10-19-2007, 09:06 AM   #1
HN Top Canine
 
NexDog's Avatar
 
Join Date: Jan 2002
Location: The Nexus
Posts: 13,328
Tightening Mail Server Security
As posted here:

http://hostnexus.com/cgi-bin/mojo/mo...list=newsflash

This message is intended for all clients on our shared/reseller Linux servers. If you are hosted on a windows server the following does not apply as these measures are a built in function of Windows 2003.

Last months I emailed you on all on a new spam issue we are facing every day:

http://hostnexus.com/cgi-bin/mojo/mo...list=newsflash

Unfortunately the situation has not improved and is actually getting worse. Every day we are finding compromised mailboxes and a few servers have found their IPs listed on some widely used spam lists (RBLs). For those interested in the issue you read more about it at SpamHaus:

http://www.spamhaus.org/rokso/eviden...kso_id=ROK2669

As I mentioned in my last mail what actually is happening is that spammers scan the servers with programs containing easy username/password pairs (such as test/12345 or info/abc123 etc). On a server with hundreds of domains and thousands of mailboxes it is easy to get a hit and once in the spammer can spam from your mail account. This is not a new tactic but since most hosts clamped down on the formmail issue the spammers are having to use other means of which this is now the most popular.

We can stop this exploitation dead in its tracks but it's going to require a very small amount of co-operation from you, our clients and your end mail users. Until now you have been able to login to your mail accounts and webmail via the username only. What we need to do is tighten security and make each user login to mail accounts and webmail via the username AND domain name. Example:

BEFORE:
Login: <user>
Pass: <password>

AFTER:
Login: <user@yourdomain.com>
Pass: <password>

So as you can see your login name will change from "user" to "user@yourdomain.com".

Some of you are going to say, "But hey, I already use the full username and domain to login!". Yes, you are not wrong. Until now the servers have supported both ways of logging but after this change it will ONLY support the full login name. With this implemented the spammers programs will be rendered useless and our servers will be free from annoying issues such as being listed on RBLs making email bounce for some users.

We will make this change next week on Monday night US EST so that should give everyone enough time to make this simple change in mail client settings.

Please feel free to discuss this here:

http://www.nexusportal.net/showthrea...217#post106217
__________________
Laurence - [HostNexus Administrator]

- Need Support? Quickest reponses are found at the Support Helpdesk!
- Stay in touch! Make sure you are subscribed to our Lists.
NexDog is offline  
Closed Thread

« Previous Thread | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -5. The time now is 04:17 AM.

Contact Us - Hostnexus - Privacy Statement - Top

Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.0 RC1
Copyright ©2001 - 2009, HostNexus