Ping a Specific Port

Question

zigojacko

Asked: 2013-07-17 05:21:37 +0800 CST2013-07-17 05:21:37 +0800 CST 2013-07-17 05:21:37 +0800 CST

Implement server-side (CentOS) measures to prevent hosted mailboxes sending bucket loads of spam

772

We have a number of hosted clients on one of our servers.

One client in particular, which has four active mailboxes is repeatedly getting just one (and always the same one) mailbox infected so that hundreds of spam messages are being sent from the mailbox. This causes the IP address we route mail via on this server to get blacklisted and then we have to set up a new IP address for mail again.

We've carried out extensive investigation into this numerous times now and it is definitely something locally at the client's end that is getting attacked/hacked. Changing the password for the mailbox instantly resolves the problem which is also indicative of this.

Only problem is, this keeps happening - a month after the password has been changed, issue happens again.

Without real time mail log monitoring or similar, I'm unsure of a method that we can really identify this happening before it's too late.

Can anyone suggest something for CentOS that will detect and block outgoing spam before it gets out of hand - or any other solutions for that matter?

Thanks in advance.

4 Answers

Voted

Nathan C · Answer 1 · 2013-07-17T07:43:29+08:00

Nathan C

2013-07-17T07:43:29+08:002013-07-17T07:43:29+08:00

As discussed in the comments, you have a couple options:

1) Figure out a way to throttle outbound emails with your mail server,

2) Fire the client. :-)

2

mangia · Answer 2 · 2013-07-17T13:29:06+08:00

mangia

2013-07-17T13:29:06+08:002013-07-17T13:29:06+08:00

I'm using Policyd but only to limit number of emails per sender IP and SASL username (30-50 emails per hour is more than enough for normal usage)

1

ALex_hha · Answer 3 · 2013-07-18T00:29:33+08:00

ALex_hha

2013-07-18T00:29:33+08:002013-07-18T00:29:33+08:00

You could try to use Postfix session count and request rate control daemon http://www.postfix.org/anvil.8.html or use some additional policy server - http://postfwd.org

## Usage of rate and size
# The following temporary rejects requests from "unknown" clients, if they
# 1. exceeded 30 requests per hour or
# 2. tried to send more than 1.5mb within 10 minutes
   id=RATE01 ;  client_name==unknown ;  protocol_state==RCPT
      action=rate(client_address/30/3600/450 4.7.1 sorry, max 30 requests per hour)
   id=SIZE01 ;  client_name==unknown ;  protocol_state==END-OF-MESSAGE
      action=size(client_address/1572864/600/450 4.7.1 sorry, max 1.5mb per 10 minutes)

0

Oleg Neumyvakin · Answer 4 · 2013-07-18T03:34:47+08:00

Best Answer

Oleg Neumyvakin

2013-07-18T03:34:47+08:002013-07-18T03:34:47+08:00

I don't know exactly how it works, but may be Parallels Premium Outbound Antispam can help you?

http://download1.parallels.com/Plesk/PP11/11.0/Doc/en-US/online/plesk-administrator-guide/index.htm?fileName=71441.htm

0

Implement server-side (CentOS) measures to prevent hosted mailboxes sending bucket loads of spam

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?