The Glade 4.0
https://gladerebooted.net/

Attn: Glade email users -- security change
https://gladerebooted.net/viewtopic.php?f=2&t=6593

Author:  Stathol [ Sat Jun 25, 2011 11:00 am ]
Post subject:  Attn: Glade email users -- security change

Heads up:

A few days ago, I noticed some lamer trying to dictionary attack the Glade's POP3 service. Not to worry -- it didn't succeed. Also, this is a pretty common occurrence these days. I see it at work a lot, too. Nevertheless:

  1. If you have a gladerebooted email account, please be sure to use a strong password. I recommend using Keepass for this kind of thing. By default, it will handily generate 100-bit (ish) passwords for you.
  2. I've added an iptables filter to thwart this kind of thing. Basically, it tracks the number of connections each source IP tries to make to IMAP(S) and POP3(S). If an IP exceeds certain thresholds for connections/second, it gets banned from all communication with the server for one hour. Any attempt to connect to the server before the ban expires extends it for another hour.

The thresholds are:
  • More than 5 connections in 1 minute
  • More than 15 connections in 10 minutes

This only matters if you're using IMAP/POP3 directly. Web mail (squirrelmail) use is a separate thing. The filter doesn't know (and can't tell) if your connections successfully authenticate or not, so if you exceed these limits, you'll get banned even though you are a legit user. I doubt this will affect anyone, but even so:

TL;DR: If you use a glade email account with Thunderbird, Outlook, etc. do not try to fetch mail more frequently than about once a minute or you may get temporarily blocked from the Glade (all of it).

If this somehow happens to you, let me know via email (obviously you won't be able to PM me :lol:):

statholturris@gmail.com
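
One way the filter described in the post above could be written with the iptables `recent` match, as an added example: this is not Stathol's actual ruleset, and the chain and list names (MAILGUARD, MAILBAN, mailconn, mailban), the port list and the ACCEPT policy are assumptions made for illustration.

```iptables
# Constructed example in iptables-restore format (not the Glade's real rules).
*filter
:INPUT ACCEPT [0:0]
:MAILGUARD - [0:0]
:MAILBAN - [0:0]

# 1. Banned sources are dropped for ALL traffic, not just mail.
#    --update refreshes the entry's timestamp when it matches, so a new
#    connection attempt inside the hour restarts the one-hour ban.
-A INPUT -m conntrack --ctstate NEW -m recent --name mailban --update --seconds 3600 --rsource -j DROP
#    Other packets from a banned source are dropped without extending the ban.
-A INPUT -m recent --name mailban --rcheck --seconds 3600 --rsource -j DROP

# 2. Only new connections to POP3 (110), IMAP (143), IMAPS (993) and
#    POP3S (995) are counted. The filter sees TCP connections, not logins,
#    so successful and failed authentications count the same.
-A INPUT -p tcp -m multiport --dports 110,143,993,995 -m conntrack --ctstate NEW -j MAILGUARD

# 3. Record this connection, then test both thresholds. The hit just
#    recorded is included in the count, so "more than 5" is hitcount 6
#    and "more than 15" is hitcount 16.
-A MAILGUARD -m recent --name mailconn --set --rsource
-A MAILGUARD -m recent --name mailconn --rcheck --seconds 60 --hitcount 6 --rsource -j MAILBAN
-A MAILGUARD -m recent --name mailconn --rcheck --seconds 600 --hitcount 16 --rsource -j MAILBAN
-A MAILGUARD -j RETURN

# 4. Add the source to the ban list and drop the offending connection.
-A MAILBAN -m recent --name mailban --set --rsource -j DROP

# Caveat: each recent list holds a limited number of addresses
# (xt_recent module parameter ip_list_tot, default 100); with more
# distinct sources than that, the oldest entries are evicted.
COMMIT
```

Loading this file with plain `iptables-restore` replaces the whole filter table, so on a host that already has rules the lines belong merged into the existing ruleset. The current contents of both lists can be read from `/proc/net/xt_recent/mailconn` and `/proc/net/xt_recent/mailban`.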

Author:  Talya [ Sat Jun 25, 2011 11:06 am ]
Post subject: 

There's glade email?

Author:  Stathol [ Sat Jun 25, 2011 11:17 am ]
Post subject: 

Yeah. I don't think it ever got out of "beta" status, but several people have @gladrebooted.org addresses. I haven't really pried into the logs to see if anyone is actually still using it, though.

Coming up with a better postfix/imap/pop3/spamassassin/clamav system is on my to-do list. I've put together a really nice setup for my postfix server at work, but it's not the sort of thing that you can just copy-and-paste.

Author:  darksiege [ Sat Jun 25, 2011 3:58 pm ]
Post subject: 

I think I had a gladerebooted email... if I do can someone just close it down? I don't think I ever used it

Author:  Foamy [ Mon Jun 27, 2011 7:45 am ]
Post subject:  Re:

darksiege wrote:
I think I had a gladerebooted email... if I do can someone just close it down? I don't think I ever used it


Ditto.

I may have requested one, but I never use it. Please close. Thanks.

Author:  Lex Luthor [ Mon Jun 27, 2011 9:54 am ]
Post subject: 

Does gladerebooted.org get classified as spam when it sends email to Gmail? Just curious.

Author:  Stathol [ Mon Jun 27, 2011 11:10 am ]
Post subject: 

ರ_ರ

I think the best answer here, is "no, and I'd like to keep it that way".

Author:  Stathol [ Mon Jun 27, 2011 11:11 am ]
Post subject: 

This is the current list of people with accounts:

  • darksiege
  • FarSky
  • Foamy
  • Midgen
  • Müs
  • Nitefox
  • FarSky
  • Lenas
  • Mookhow
  • NephyrS
  • Oonagh
  • Stathol

There's also one other, but it appears to be someone's IRL name, so I won't post it here. First and last initials are P.B. Hopefully you'll know who you are.

If you would like your account closed, let me know.

Darksiege and Foamy: Is there anything you would like me to do with any mail that might currently be in those mailboxes? I don't know that there is, but if so I can probably find a way to get it exported to an MBOX file or something.

Scratch that. I hope you'll forgive me, but I peeked in your directories and the only thing in there was the "Hi, this will initialize your mailbox" message. Your accounts will be closed shortly.

Author:  NephyrS [ Mon Jun 27, 2011 11:13 am ]
Post subject: 

You can go ahead and close mine. I was going to use it to forward moderation related stuff too, but the changes to our message folders eliminated the need.

Author:  Stathol [ Mon Jun 27, 2011 11:25 am ]
Post subject:  Re:

NephyrS wrote:
You can go ahead and close mine. I was going to use it to forward moderation related stuff too, but the changes to our message folders eliminated the need.

Account deleted.

Author:  Midgen [ Mon Jun 27, 2011 12:54 pm ]
Post subject: 

Please delete the Midgen mailbox if you haven't already.

Thanks

Author:  Stathol [ Mon Jun 27, 2011 8:10 pm ]
Post subject:  Re:

Midgen wrote:
Please delete the Midgen mailbox if you haven't already.

Thanks

Done.

Author:  Mookhow [ Mon Jun 27, 2011 8:30 pm ]
Post subject:  Re: Attn: Glade email users -- security change

Well, *I* like my gladerebooted account. Though technically it's not an account, just a forward to my gmail account.

All times are UTC - 6 hours [ DST ]