1 Topic by tasiot

  • tasiot
  • Member
  • Offline
  • Registered: 2012-04-24
  • Posts: 14

Topic: Smtp crack password !

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.8.5
- Linux/BSD distribution name and version: Debian 7.1
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello,

I just received an email containing my email address and my password in plain text, and bearing the object "SMTP Crack".

Can anyone help me check the security of my installation, do you know of a recent flaw in this matter?

Thanks

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Smtp crack password !

- Are you using a weak password?
- Do you have Fail2ban service correctly running?

3 Reply by tasiot

  • tasiot
  • Member
  • Offline
  • Registered: 2012-04-24
  • Posts: 14

Re: Smtp crack password !

Thanks for your reply.

My password is strong and fail2ban is correctly running.

I suppose the hacker got my password by another website and simply sent by my smtp server…
I changed my password and I will check my mail.log to see if he retry sending email…

Can you confirm me that my password are not stored somewhere in my server not crypted ?

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Smtp crack password !

tasiot wrote:

- iRedMail version (check /etc/iredmail-release): 0.8.5

I cannot really remember which password hash was used by iRedMail-0.8.5, it was released on Jul 14, 2013. Maybe salted MD5, but not plain text.

Most time crackers/hackers just guess the passwords and try to verify it with IMAP/POP3/SMTP services, so you may find many authentication failure in Dovecot/Postfix log files.

5 Reply by tasiot

  • tasiot
  • Member
  • Offline
  • Registered: 2012-04-24
  • Posts: 14

Re: Smtp crack password !

My password is composed by small and big letters, and digits ; in 8 characters…

I will check my fail2ban policy tonight…

Thanks