SMTP service detect when password is changed and drop connections from that account
Idea shared by Dave Lerner - December 11, 2014 at 7:57 PM
Suggestion for future versions of SmarterMail...
When a user account gets hacked, we of course detect that with various abuse detection rules, and then change the password. The problem is that in a distributed form of this attack (the usual vector), dozens, maybe hundreds of SMTP connections are opened with that user's credentials, all of which are actively sending spam. The suggestion I would propose is that, like the RBL rules that detect a change and don't require a server restart, the SMTP process would behave the same way.
Currently, we have to stop and start the SMTP process to drop all open SMTP connections opened by the hacked account. It would be a great feature if the password change could be detected, and maybe via tick box, all open SMTP connections for the affected account be dropped.

2 Replies

Robert Emmett Replied
Employee Post
Currently, in SM 13, you can specify the maximum number of messages per SMTP session. Setting this option would effectively accomplish this.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
The main thing to take from this thread is that user logins should not be cached by SmarterMail. Even when I change an AD user password, I expect Outlook to start complaining. However, something is caching it. This has been discussed before and I thought it was eventually going to happen?
