theft of 18,000,000 mail accounts and passwords

Lena at lena.kiev.ua
Mon Apr 7 14:44:18 UTC 2014


> The German Governmental Office about Security in Information informs that
> the police got access to a database of 18,000,000 stolen mail accounts

> how the criminals
> could get access to this amount of mail accounts and passwords

I think mostly drive-by exploit kits (designed for Windows only,
using vulnerabilities in Windows, browsers and their plugins:
Java, Acrobat, Flash) steal stored passwords
and install form-grabbing malware.
Also phishing and checking for common passwords.

> and if we
> as FreeBSD users could be targeted by some of the methods.

Yes, by some: checking for common passwords (like user john, password 12345
or user test, password test) via POP3 and SMTP.
I invoke the POP3 server (port mail/popa3d) from inetd with rate limiting:

pop3  stream tcp nowait/0/5 root /usr/local/libexec/popa3d popa3d
pop3s stream tcp nowait/0/7 root /usr/local/bin/stunnel stunnel /usr/local/etc/stunnel/popa3d.conf

Here 5 and 7 are the limits on connections per minute from the same IP address.
The limit is often triggered.

For Exim there is automatic blocking of such password-cracking attempts
and automatic blocking of the use of stolen passwords for spamming,
entirely in the Exim config: https://github.com/Exim/exim/wiki/BlockCracking

If you provide email service for users (not only yourself) then consider
that most users use Windows, so their passwords will be stolen
and used for spamming; it's just a matter of time.
Therefore, you absolutely need automatic blocking of stolen passwords,
or else you'll be blacklisted.
Simple rate limits are better than nothing but inconvenience honest users
and still allow spam to trickle through. Exim allows you to use the
above-linked code to catch spammers early.


More information about the freebsd-questions mailing list
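The two abuse patterns the post above describes, password guessing from one source and a stolen password being used from many sources, are both sliding-window counts over the mail server's authentication log. The following is an added example, not code from the post, from Exim, or from the BlockCracking page it links: it reads constructed log lines in an Exim-like format (the failure lines mirror Exim's "authenticator failed ... set_id=" message, the success lines mirror the "<= ... A=login:user" message, but both are made up for this example) and decides which client IPs and which accounts to block. The thresholds (5 failed logins per IP, 3 distinct IPs per account, within 10 minutes) and the log format are assumptions chosen for illustration, not values taken from the post or from BlockCracking.

```python
"""Sliding-window detectors for password cracking and stolen-password use.

Added example, not code from the post or from Exim/BlockCracking.
Pattern 1: too many failed logins from one IP in the window -> block the IP
           (the inetd per-IP rate limit in the post approximates this).
Pattern 2: one account authenticating from many distinct IPs in the window
           -> block the account for sending (stolen password used for spam).
Log format and thresholds below are assumptions for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed Exim-like line shapes; constructed for this example.
FAIL_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ authenticator failed for "
    r".*\[(?P<ip>[\d.]+)\].*set_id=(?P<user>\S+)")
OK_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ <= .*\[(?P<ip>[\d.]+)\] "
    r".*A=\S+:(?P<user>\S+)")

# Constructed sample log (RFC 5737 documentation addresses), not a real log.
SAMPLE_LOG = """\
2014-04-07 14:00:00 login authenticator failed for (old) [203.0.113.9]: 535 Incorrect authentication data (set_id=root)
2014-04-07 14:40:01 login authenticator failed for (scan) [203.0.113.5]: 535 Incorrect authentication data (set_id=john)
2014-04-07 14:40:02 login authenticator failed for (scan) [203.0.113.5]: 535 Incorrect authentication data (set_id=test)
2014-04-07 14:40:03 login authenticator failed for (scan) [203.0.113.5]: 535 Incorrect authentication data (set_id=admin)
2014-04-07 14:40:04 login authenticator failed for (scan) [203.0.113.5]: 535 Incorrect authentication data (set_id=info)
2014-04-07 14:40:05 login authenticator failed for (scan) [203.0.113.5]: 535 Incorrect authentication data (set_id=mail)
2014-04-07 14:41:00 login authenticator failed for (home) [198.51.100.7]: 535 Incorrect authentication data (set_id=alice)
2014-04-07 14:41:20 1WXXXX-000001-AA <= alice@example.org H=(home) [198.51.100.7] P=esmtpsa A=login:alice S=812
2014-04-07 14:42:00 login authenticator failed for (old) [203.0.113.9]: 535 Incorrect authentication data (set_id=root)
2014-04-07 14:42:01 login authenticator failed for (old) [203.0.113.9]: 535 Incorrect authentication data (set_id=root)
2014-04-07 14:42:02 login authenticator failed for (old) [203.0.113.9]: 535 Incorrect authentication data (set_id=root)
2014-04-07 14:42:03 login authenticator failed for (old) [203.0.113.9]: 535 Incorrect authentication data (set_id=root)
2014-04-07 14:43:00 1WXXXX-000002-AA <= bob@example.org H=(bot1) [192.0.2.11] P=esmtpa A=login:bob S=2048
2014-04-07 14:43:30 1WXXXX-000003-AA <= bob@example.org H=(bot2) [192.0.2.12] P=esmtpa A=login:bob S=2048
2014-04-07 14:44:00 1WXXXX-000004-AA <= bob@example.org H=(bot3) [192.0.2.13] P=esmtpa A=login:bob S=2048
"""


class AbuseDetector:
    def __init__(self, window=timedelta(minutes=10),
                 max_fail_per_ip=5, max_ips_per_user=3):
        self.window = window
        self.max_fail_per_ip = max_fail_per_ip
        self.max_ips_per_user = max_ips_per_user
        self.fails = defaultdict(deque)    # ip -> timestamps of failed logins
        self.logins = defaultdict(deque)   # user -> (timestamp, ip) of successes
        self.blocked_ips = set()
        self.blocked_users = set()

    def _expire(self, dq, now, key=lambda e: e):
        # Drop events older than the window so old noise does not count.
        while dq and now - key(dq[0]) > self.window:
            dq.popleft()

    def feed(self, line):
        m = FAIL_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            dq = self.fails[m["ip"]]
            dq.append(ts)
            self._expire(dq, ts)
            if len(dq) >= self.max_fail_per_ip:
                self.blocked_ips.add(m["ip"])      # password cracking
            return
        m = OK_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            dq = self.logins[m["user"]]
            dq.append((ts, m["ip"]))
            self._expire(dq, ts, key=lambda e: e[0])
            if len({ip for _, ip in dq}) >= self.max_ips_per_user:
                self.blocked_users.add(m["user"])  # stolen password in use


def analyse(log_text):
    """Feed every line, return (blocked IPs, blocked users) as sorted lists."""
    det = AbuseDetector()
    for line in log_text.splitlines():
        det.feed(line)
    return sorted(det.blocked_ips), sorted(det.blocked_users)


if __name__ == "__main__":
    ips, users = analyse(SAMPLE_LOG)
    print("block IPs:", ips)        # 203.0.113.5 only; 203.0.113.9's old failure expired
    print("block users:", users)    # bob only; alice logged in from one address
```

Two design points worth noting: the window expiry is what keeps 203.0.113.9 unblocked (its 14:00 failure falls outside the 10-minute window, leaving four recent failures, below the threshold), and the per-account check counts distinct IPs rather than logins, so a legitimate user sending many messages from one address is never caught by it. Users behind carrier-grade NAT or roaming between mobile networks can still trip the distinct-IP rule, so in production the block should be visible to the user (a 5xx with a clear reason on the next SMTP AUTH) and reversible by the operator; the post's point stands that without some such automatic block a stolen password will get the server blacklisted.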