CheckAuthLog FAQ: Difference between revisions

From voipsupport
Jump to navigation Jump to search
No edit summary
Line 14: Line 14:


====Define and enforce a strong password policy====
====Define and enforce a strong password policy====
====Only use encrypted connections====
As a first defence it is recommended that all connections for reading and sending email are authenticated across a strongly encrypted connection. That drastically reduces the risk of the password being stolen.


===Q. When reporting a problem what information should I provide?===
===Q. When reporting a problem what information should I provide?===


Please see [[CheckAuthLog Support|here]]
Please see [[CheckAuthLog Support|here]]

Revision as of 17:55, 13 June 2016

Q. What are the prerequisites for CheckAuthLog?

PHP version 5 with DBA and mysql extensions.

The use of the mysql extension means that it will not work with the upcoming PHP 7 release until the code has been migrated to mysqli.

Q. What other things can I do to improve security?

Use Fail2ban

While CheckAuthLog is useful to detect strange patterns of email sending that could indicate stolen email credentials being used to send spam, one way of helping to avoid stolen email credentials is to slow down and block dictionary attacks on passwords.

Fail2ban parses log files and can be configured to block internet traffic from ip addresses that have made more than a configurable number of authentication errors.

Define and enforce a strong password policy

Only use encrypted connections

As a first defence it is recommended that all connections for reading and sending email are authenticated across a strongly encrypted connection. That drastically reduces the risk of the password being stolen.

Q. When reporting a problem what information should I provide?

Please see here