CheckAuthLog FAQ: Difference between revisions
Revision as of 17:55, 13 June 2016
Q. What are the prerequisites for CheckAuthLog?
PHP version 5 with DBA and mysql extensions.
The use of the mysql extension means that it will not work with the upcoming PHP 7 release until the code has been migrated to mysqli.
Q. What other things can I do to improve security?
Use Fail2ban
CheckAuthLog is useful for detecting strange patterns of email sending that could indicate stolen email credentials being used to send spam. One way to help prevent credentials being stolen in the first place is to slow down and block dictionary attacks on passwords.
Fail2ban parses log files and can be configured to block internet traffic from IP addresses that have made more than a configurable number of authentication errors.
Define and enforce a strong password policy
Only use encrypted connections
As a first defence it is recommended that all connections for reading and sending email are authenticated across a strongly encrypted connection. That drastically reduces the risk of the password being stolen.
Set up rate limiting in the MTA
To stop hackers/spammers getting round the login limit by sending many messages within a single SMTP connection, it is worthwhile setting up rate limits in the MTA (for example the smtpd_client_message_rate_limit parameter in Postfix). Choose a value that will not interfere with normal mail sending but that will stop a hacker/spammer sending an unlimited number of messages over one SMTP connection.
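One way to pick a limit that does not interfere with normal sending is to measure the peak per-client message rate in existing mail logs first. The script below is an added example, not part of CheckAuthLog; it assumes the usual Postfix smtpd "QUEUEID: client=..." log lines, a 60 second window (Postfix's default anvil_rate_time_unit), and constructed sample data.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the usual Postfix smtpd syslog format: one
# "QUEUEID: client=..." line per queued message. Addresses and users are made up.
SAMPLE_LOG = """\
Jun 13 17:40:01 mx postfix/smtpd[2101]: 3A1F0C01: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=alice
Jun 13 17:40:05 mx postfix/smtpd[2101]: 3A1F0C02: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=alice
Jun 13 17:41:00 mx postfix/smtpd[2107]: 3A1F0C03: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob
Jun 13 17:41:02 mx postfix/smtpd[2107]: 3A1F0C04: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob
Jun 13 17:41:04 mx postfix/smtpd[2107]: 3A1F0C05: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob
Jun 13 17:41:06 mx postfix/smtpd[2107]: 3A1F0C06: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob
Jun 13 17:41:08 mx postfix/smtpd[2107]: 3A1F0C07: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob
Jun 13 17:41:10 mx postfix/smtpd[2107]: 3A1F0C08: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob
Jun 13 17:41:11 mx postfix/smtpd[2107]: disconnect from unknown[198.51.100.7]
Jun 13 17:43:30 mx postfix/smtpd[2113]: 3A1F0C09: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=alice
"""

# Timestamp, then the queue ID line naming the client address in brackets.
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"[0-9A-Fa-f]+: client=\S*\[([^\]]+)\]")

def peak_message_rate(log_text, window_seconds=60, year=2016):
    """Return {client_ip: most messages seen in any sliding window}."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # per-client timestamps inside the window
    peak = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # connect/disconnect and other lines
        # Syslog timestamps carry no year, so one is supplied (assumption).
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[m.group(2)]
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()           # drop messages older than the window
        peak[m.group(2)] = max(peak[m.group(2)], len(q))
    return dict(peak)

def clients_over_limit(log_text, limit, window_seconds=60):
    """Clients whose peak exceeds a candidate smtpd_client_message_rate_limit."""
    peaks = peak_message_rate(log_text, window_seconds)
    return sorted(ip for ip, n in peaks.items() if n > limit)
```

Running clients_over_limit over a few weeks of known-good logs with a candidate value shows which legitimate clients that value would have throttled.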
Q. When reporting a problem what information should I provide?
Please see here