SMTP Security

Discussion in 'Installation/Configuration' started by Knudn, Feb 9, 2015.

  1. Knudn

    Knudn New Member

    Hi, I have a user who just got his account details stolen, and therefore our server started sending a lot of spam. The mail didn't come from our servers; it just passed through our SMTP, accessed with the login credentials of the user who got his user/pass stolen. My question is whether there is a way to only permit SMTP connections from the mail users from inside ISPConfig, or if you might have some other SMTP security tips to stop this from happening again. Thanks :)
     
  2. sjau

    sjau Local Meanie Moderator

    Alter that user's password.
    Blacklist the IP from which the connection comes.
     
  3. Knudn

    Knudn New Member

    Sure that would work, but then someone else could come and do that same thing over again. Thanks for the reply anyhow :)
     
  4. sjau

    sjau Local Meanie Moderator

    How would someone else use it if you change the user's password?
     
  5. Knudn

    Knudn New Member

    Because we have a very large number of users and this user might never get affected by this again, but some other user we have might.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    You should monitor your mail queue closely and when you see an unusual amount of mail, investigate the issue and change the account password. You can also write a script that monitors the mail.log for unusual login activity.

    There is no easy way to prevent the issue as you cannot see who sits behind the computer screen that sends the mail, so you don't know if the right or wrong person is using the correct password / username combination.
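
One way to write the mail.log monitoring script suggested in post 6 (an added example, not code from the thread or from ISPConfig). It assumes Postfix's standard `sasl_username=` smtpd log lines in classic syslog format; the function name, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Postfix smtpd writes one such line per message accepted from a SASL-authenticated
# client; the submission service logs as postfix/submission/smtpd.
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/(?:\w+/)?smtpd\[\d+\]: "
    r"\w+: client=\S*\[(?P<ip>[^\]]+)\], sasl_method=[\w-]+, sasl_username=(?P<user>\S+)")

def suspicious_accounts(lines, window=timedelta(minutes=10), max_msgs=5, max_ips=2, year=2015):
    """Map each sasl_username over a threshold to its peak activity in one window."""
    # Thresholds are assumptions to tune; syslog timestamps carry no year, so it is passed in.
    events = defaultdict(list)
    for line in lines:
        m = AUTH_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["user"]].append((ts, m["ip"]))
    flagged = {}
    for user, evs in events.items():
        evs.sort()
        start, peak_msgs, peak_ips = 0, 0, set()
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide the window forward
                start += 1
            span = evs[start:end + 1]
            ips = {ip for _, ip in span}
            peak_msgs = max(peak_msgs, len(span))
            peak_ips = max(peak_ips, ips, key=len)  # keep the widest spread of source IPs
        if peak_msgs > max_msgs or len(peak_ips) > max_ips:
            flagged[user] = {"messages": peak_msgs, "ips": sorted(peak_ips)}
    return flagged

def _line(clock, qid, ip, user):  # builds one constructed log line
    return (f"Feb  9 {clock} mail postfix/smtpd[2101]: {qid}: "
            f"client=unknown[{ip}], sasl_method=LOGIN, sasl_username={user}")

# Constructed sample: alice sends twice from one IP; bob's login is used from three IPs.
SAMPLE_LOG = (
    ["Feb  9 10:00:00 mail postfix/smtpd[2101]: connect from unknown[192.0.2.10]",
     _line("10:00:01", "A1B2C3D4E1", "192.0.2.10", "alice@example.com"),
     _line("10:45:30", "A1B2C3D4E2", "192.0.2.10", "alice@example.com")]
    + [_line(f"11:0{i // 6}:{(i % 6) * 10:02d}", f"B0B0000{i}",
             ["198.51.100.7", "203.0.113.9", "203.0.113.44"][i % 3], "bob@example.com")
       for i in range(8)])

if __name__ == "__main__":
    print(suspicious_accounts(SAMPLE_LOG))
```

Run from cron over the recent lines of mail.log, the returned accounts are the ones to review for a password change.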
     
  7. Knudn

    Knudn New Member

    Thanks for the reply, but is it possible to have a whitelist of domain names inside Postfix? If someone steals my account information and uses it only for the outgoing mail, is it possible to distinguish that mail since the incoming address is a different one? If I, for example, use my Hotmail address as an incoming address and the ISPConfig SMTP as an outgoing address, is it possible to stop the mail from going through my system since it is a Hotmail address and not one of the addresses found in a whitelist or somewhere else?

    Thanks :)
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    You mean that you want to restrict the sender address to the address of the account that was used for login?
     
  9. Knudn

    Knudn New Member

    Yes
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    http://bugtracker.ispconfig.org/index.php?do=details&task_id=1637

    But be aware that this just means that the spammer will use the sender address of the hacked account instead of the hotmail address. While the false hotmail emails are easily sorted out by the recipient server as your server is not a valid sender for hotmail.com, mails with the real address of the account will go through.
     
