My ISPConfig mail server has one email mailbox that has probably been hacked. This mailbox is spamming... How can I block the sender IP address? The pirates (sender IP addresses): 136.169.210.132, 192.210.172.21. Note: rspamd is totally blind about this mess... "no action" for outgoing mail... Why? Sample from rspamd:
Code:
[email protected] 136.169.210.132 [email protected] [[email protected],[email protected],[email protected] … (10)] Treffen Sie die schönsten und lustvollsten Frauen. no action 3.90 / 15 95k
Hello th0m, hope it's gonna be alright for you. Thank you for your answer. It's already done. But one more question: how to prevent this (tune rspamd in order to block outgoing traffic)?
You, as a service provider, cannot prevent your clients' desktops from getting hacked, or them using the same password in different services and this other service getting hacked, etc. All that you can do is monitor your system (mail queue) and take measures, like changing the password, when you recognize that an account was misused. One thing that you can do, if you disallow things like newsletter sending to your customers anyway, is restrict how many emails a user can send in a certain time. Such sending limits can e.g. be configured in rspamd; there should be threads on that topic in the forum already.
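One way to do the monitoring described in the answer above, as an added example that is not part of the original thread: it groups authenticated submissions in a Postfix mail log by SASL login and flags accounts that exceed a send rate or log in from several client IPs. The function name, the thresholds, the `example.com` mailboxes and the sample log lines are assumptions constructed for illustration; only the two client IPs come from the first post.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in Postfix smtpd log format (not taken from the thread).
SAMPLE_LOG = """\
Mar 10 08:00:01 mail postfix/submission/smtpd[2101]: 4A1B01: client=unknown[136.169.210.132], sasl_method=LOGIN, sasl_username=alice@example.com
Mar 10 08:00:20 mail postfix/submission/smtpd[2102]: 4A1B02: client=unknown[192.210.172.21], sasl_method=LOGIN, sasl_username=alice@example.com
Mar 10 08:00:41 mail postfix/submission/smtpd[2101]: 4A1B03: client=unknown[136.169.210.132], sasl_method=LOGIN, sasl_username=alice@example.com
Mar 10 08:01:05 mail postfix/submission/smtpd[2102]: 4A1B04: client=unknown[192.210.172.21], sasl_method=LOGIN, sasl_username=alice@example.com
Mar 10 08:01:30 mail postfix/submission/smtpd[2101]: 4A1B05: client=unknown[136.169.210.132], sasl_method=LOGIN, sasl_username=alice@example.com
Mar 10 09:15:00 mail postfix/smtpd[2200]: 4A1C01: client=host.example.net[203.0.113.7], sasl_method=PLAIN, sasl_username=bob@example.com
Mar 10 10:20:00 mail postfix/smtpd[2201]: 4A1C02: client=host.example.net[203.0.113.7], sasl_method=PLAIN, sasl_username=bob@example.com
Mar 10 10:21:00 mail postfix/smtpd[2202]: connect from unknown[198.51.100.9]
"""

# One such line is logged per message accepted from an authenticated client.
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/\S*smtpd\[\d+\]:\s\w+:\s"
    r"client=\S*\[(?P<ip>[^\]]+)\],.*?sasl_username=(?P<user>\S+)"
)

def find_suspect_senders(log_text, max_msgs=3, window=timedelta(minutes=10),
                         max_ips=2, year=2024):
    """Return {login: {"peak": n, "ips": [...]}} for accounts over a threshold."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = AUTH_RE.match(line)
        if m:  # unauthenticated and non-smtpd lines are skipped
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["user"]].append((ts, m["ip"]))
    report = {}
    for user, evs in events.items():
        evs.sort()
        peak = start = 0
        for end in range(len(evs)):  # sliding window over sorted timestamps
            while evs[end][0] - evs[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        ips = sorted({ip for _, ip in evs})
        if peak > max_msgs or len(ips) > max_ips:
            report[user] = {"peak": peak, "ips": ips}
    return report

if __name__ == "__main__":
    print(find_suspect_senders(SAMPLE_LOG))
```

The syslog timestamps carry no year, so the `year` argument only anchors parsing; the window comparison works on log excerpts that do not cross a year boundary.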
The easier way to track spammers and any other issue with email is to have the email server running on a separate server or virtual machine. You can then use a monitoring tool like Zabbix, Netdata and/or Graylog (a superb piece of software) where you can track the problem relatively more easily. I had endless problems with spammers in the past and the above combo solved all of them, as it was easy to track down the problems before they escalated further. Regarding your question about blocking IPs, you can use iptables; a simpler way is to use the CSF firewall, which has an easier interface to block IPs/countries etc.