| To: | Quinn Comendant <quinn@strangecode.com> |
|---|---|
| Subject: | Re: POP3 password scanning |
| From: | Markus Stumpf <maex-lists-qmail@leo.org> |
| Date: | Fri, 26 Jan 2007 13:24:03 +0100 |
| Cc: | qmail@list.cr.yp.to |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | gmail-qmail@securepoint.com |
| Delivered-to: | sp.com.list@gmail.com |
| Delivered-to: | mailing list qmail@list.cr.yp.to |
| In-reply-to: | <20070125142447176214.67bfc7a3@strangecode.com> |
| Mailing-list: | contact qmail-help@list.cr.yp.to; run by ezmlm |
| Organization: | LEO - Link Everything Online, Munich, Germany |
| References: | <20070125142447176214.67bfc7a3@strangecode.com> |
| User-agent: | Mutt/1.5.12-2006-07-14 |
On Thu, Jan 25, 2007 at 02:24:47PM -0800, Quinn Comendant wrote:
> But then I found a paradox. In my /var/log/maillog are many entries like this:
>
> Jan 21 08:31:02 mx vpopmail[11387]: vchkpw-pop3: password fail (pass:
> '257a2117dc3b42e16ef3263877ad6aaf') dann@dansdesk.co.uk:86.142.39.161
> Jan 21 08:31:02 mx vpopmail[11389]: vchkpw-pop3: (PLAIN) login success
> dan@dansdesk.co.uk:86.142.39.161
What I find more puzzling is:
dann@dansdesk.co.uk jordean@powerpolitics.com malewa@maleasmith.com
dan@dansdesk.co.uk jordan@powerpolitics.com malea@maleasmith.com
Did you notice that the usernames are different for the CRAM-MD5 login
that fails and the PLAIN login that is successful?
\Maex
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: sbl-xbl going away; zen replacing it, Sami Farin |
|---|---|
| Next by Date: | Re: sbl-xbl going away; zen replacing it, Charles Cazabon |
| Previous by Thread: | Re: POP3 password scanning, Quinn Comendant |
| Next by Thread: | Re: POP3 password scanning, Quinn Comendant |
| Indexes: | [Date] [Thread] [Top] [All Lists] |