Email user hacked: how to block IP address (in email config)?

Discussion in 'ISPConfig 3 Priority Support' started by ledufakademy, Dec 6, 2022.

  1. ledufakademy

    ledufakademy Member

    My ISPConfig mail server has one email mailbox that was probably hacked.
    This mailbox is spamming...
    How can I block the sender IP address?
    The pirates (sender IP addresses):
    (136.169.210.132, 192.210.172.21)

    Note: rspamd is totally blind about this mess...
    "no action" for outgoing mail...? Why?

    Sample from rspamd :
    Code:
    [email protected]    136.169.210.132    [email protected]    [[email protected],[email protected],[email protected] … (10)]    Treffen Sie die schönsten und lustvollsten Frauen.    no action    3.90 / 15    95k
     
    Last edited: Dec 6, 2022
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Change the password for the hacked user.
     
    ledufakademy and till like this.
  3. ledufakademy

    ledufakademy Member

    Hello Th0m, hope it is gonna be alright for you.
    Thank you for your answer.
    It's already done.

    But one more question: how to prevent this? (rspamd tuning in order to block outgoing traffic)?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    You, as a service provider, cannot prevent your clients' desktops from getting hacked, or that they use the same password in different services and this other service getting hacked, etc. All that you can do is monitor your system (mail queue) and take measures, like changing the password, when you recognize that an account was misused. One thing that you can do, if you disallow things like sending newsletters to your customers anyway, is restrict how many emails a user can send in a certain time. Such sending limits can e.g. be configured in rspamd; there should be threads on that topic in the forum already.
     
    ledufakademy likes this.
  5. ledufakademy

    ledufakademy Member

    Thank you till, rspamd spam/mail sending rate tuning: good idea.
     
  6. Stelios

    Stelios Active Member HowtoForge Supporter

    The easier way to track spammers and any other issue with email is to have the email server running on a separate server or virtual machine. You can then use a monitoring tool like Zabbix, Netdata and/or Graylog (a superb piece of software) where you can track the problem relatively more easily.
    I had endless problems with spammers in the past and the above combo solved all of them, as it was easy to track down the problems before they escalate further.
    Regarding your question about blocking IPs, you can use iptables; a simpler way is to use the CSF firewall, which has an easier interface to block IPs/countries etc.
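
The monitoring advice in the replies above (watch the system, track down a misused account early) can be turned into a small check over the mail log. This is an added example, not code from the thread or from ISPConfig; it assumes Postfix's standard smtpd log lines carrying `sasl_username`, and the log lines, addresses, accounts, threshold and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Postfix smtpd line logged when an authenticated client submits a message.
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/(?:\S+/)?smtpd\[\d+\]: "
    r"\w+: client=\S*\[(?P<ip>[^\]]+)\], "
    r"sasl_method=\S+, sasl_username=(?P<user>\S+)$"
)

def find_suspect_senders(log_text, limit=5, window=timedelta(minutes=10), year=2022):
    """Return {user: {"peak": n, "ips": [...]}} for every account that submitted
    more than `limit` messages inside any sliding `window`."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            # Classic syslog timestamps carry no year, so one is supplied.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["user"]].append((ts, m["ip"]))
    suspects = {}
    for user, seen in events.items():
        seen.sort()
        peak = start = 0
        for end, (ts, _ip) in enumerate(seen):
            while ts - seen[start][0] > window:  # drop events older than the window
                start += 1
            peak = max(peak, end - start + 1)
        if peak > limit:
            suspects[user] = {"peak": peak, "ips": sorted({ip for _, ip in seen})}
    return suspects

def _line(hms, qid, ip, user):
    return (f"Dec  6 {hms} mail postfix/submission/smtpd[2101]: {qid}: "
            f"client=unknown[{ip}], sasl_method=LOGIN, sasl_username={user}")

# Constructed sample log (documentation addresses, hypothetical accounts).
SAMPLE_LOG = "\n".join(
    [_line(f"10:00:{s:02d}", f"A{s:03X}", ("198.51.100.23", "203.0.113.45")[s % 2],
           "victim@example.com") for s in range(0, 40, 5)]
    + [_line(f"10:{m:02d}:00", f"B{m:03X}", "192.0.2.10", "normal@example.com")
       for m in (1, 25, 50)]
    + ["Dec  6 10:02:00 mail postfix/smtpd[2102]: connect from unknown[192.0.2.99]"]
)

if __name__ == "__main__":
    for user, info in find_suspect_senders(SAMPLE_LOG).items():
        print(user, info["peak"], "messages in 10 min from", ", ".join(info["ips"]))
```

An account flagged here is a candidate for a password change, and the listed source addresses are the ones to review before adding firewall blocks.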
     
