Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


E-Mail Security IMAP
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

E-Mail Security IMAP

TeoMTeoM Member

Hello everyone,

is there any way to protect yourself from hackers regarding mail servers ? Assuming you have a mailhosting with Mxroute or any webspace with a provider with IMAP mailbox, then the only security is the email password. Is it possible to secure this somehow with 2 way authentication or similar ?

Comments

  • szarkaszarka Member

    Not to say that MFA wouldn't also be good, but I would assume the Mxroute also uses a firewall to limit password guessing attempts. Even the free ConfigServer has some nice options for this. :)

  • IMAP doesn't support two factor auth. JMAP does but not everything supports it yet.

  • You need to understand the threat model here. Why would anyone try to brute
    your mailbox, assuming you have a strong password in the first place? 2FA here
    is really redundant, and is usually complicates stuff with web tokens and other auth
    methods. Assuming you use just authenticated email to fetch/send from, you should
    be totally fine with a strong password and that's it. Gmail is different, since it's your entire
    Google account we are talking about, with Youtube, drive, and other shit.

  • jarjar Patron Provider, Top Host, Veteran
    edited July 2022

    @luckypenguin said: should be totally fine with a strong password

    Also a good anti-virus. A virus going around right now seems to pull off stealing your password from Outlook config, best I can tell. I've got some pretty heavy mitigations for catching it and locking down accounts though.

  • @jar said: Also a good anti-virus. A virus going around right now seems to pull off stealing your password from Outlook config, best I can tell.

    That is already what I consider semi targeted attacks. If we are talking about macros and malicious
    scripts whatsoever. Well, not a big fan of antivirus, if that's what you refer to. They suck on their
    signatures. It's just since last year MS finally nuked macros, and other malicious stuff by default.

    Thanked by 1jar
  • jarjar Patron Provider, Top Host, Veteran

    @luckypenguin said:

    @jar said: Also a good anti-virus. A virus going around right now seems to pull off stealing your password from Outlook config, best I can tell.

    That is already what I consider semi targeted attacks. If we are talking about macros and malicious
    scripts whatsoever. Well, not a big fan of antivirus, if that's what you refer to. They suck on their
    signatures. It's just since last year MS finally nuked macros, and other malicious stuff by default.

    Honestly just don't download weird attachments, but the number of people who do it anyway is admittedly alarming.

  • If I was you I would nuke it at rspamd rule. Or at least put it in a dedicated folder for the
    benefit of your clients. I'm sure the benefit will overcome the false-positives.

    Thanked by 1jar
  • jarjar Patron Provider, Top Host, Veteran

    @luckypenguin said:
    If I was you I would nuke it at rspamd rule. Or at least put it in a dedicated folder for the
    benefit of your clients. I'm sure the benefit will overcome the false-positives.

    On the inbound they keep changing patterns and virus signatures, it's been.... hell :joy:

  • cochoncochon Member

    @luckypenguin said:
    Why would anyone try to brute your mailbox

    For many who never housekeep their e-mail, it's a treasure trove of username/password combinations sent from poorly designed sign-ups, and a goldmine for identity theft.

    Thanked by 1jar
  • jarjar Patron Provider, Top Host, Veteran
    edited July 2022

    @cochon said:

    @luckypenguin said:
    Why would anyone try to brute your mailbox

    For many who never housekeep their e-mail, it's a treasure trove of username/password combinations sent from poorly designed sign-ups, and a goldmine for identity theft.

    Aye. Though it's worth noting, success from credential stuffing is so high that brute force has taken a distant second place in effectiveness.

    Tbh, I think that virus I mentioned might actually be second place. At least for my customers. Basic brute force protection mostly eliminates it, just makes it too high cost.

Sign In or Register to comment.