Hi. On a populated ISPConfig 3 install we experienced a compromised Joomla website, from which malicious remote users managed to send 50k mails of spam outside. In short our server was blacklisted and ALL mails stopped delivering, including legitimate ones. Now we took offline the compromised site and cleaned the postfix queue, but we would like to understand if there's some action we can do to prevent this from happening again. This is a default ISPConfig installation, we just provide web hosting, no mail hosting, but the mailserver is running. Thanks
We had a similar issue with users sending out spam emails. Here is the solution we used. http://www.policyd.org/ Here is the way to integrate it in a way to stop sending out spam email. http://www.void.gr/kargig/blog/2011...p-web-applications-using-postfix-and-policyd/ Please note that I am not an expert. Just sharing what I know. There might be better ways to do the same thing. P.V.Anthony
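To make the reply above concrete, here is an added example (not policyd's code and not from the linked blog post) of what an outbound rate limiter plugged into Postfix actually does. It implements the Postfix SMTPD policy-delegation protocol, where Postfix sends `name=value` lines ending in a blank line and expects an `action=...` reply, and answers DEFER_IF_PERMIT once a sender exceeds a per-window message count. The threshold, window, sample request and the `SenderRateLimiter` class are assumptions chosen for illustration.

```python
"""Minimal Postfix policy server that rate-limits outbound mail per sender.

Added example in the spirit of the policyd setup discussed above; it is not
policyd itself. Postfix talks to a policy server by sending attribute lines
("request=smtpd_access_policy", "sender=...", "sasl_username=...", ...)
terminated by an empty line, and reads back "action=<decision>\n\n".
"""
import sys
import time
from collections import defaultdict, deque

MAX_MSGS = 3            # constructed threshold: messages allowed per window
WINDOW_SECONDS = 3600   # constructed window length (one hour)

# Constructed sample request, as Postfix would send it for one delivery.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "sender=www-data@web01.example.invalid\n"
    "recipient=victim@example.invalid\n"
    "client_address=127.0.0.1\n"
    "\n"
)


class SenderRateLimiter:
    """Sliding-window counter keyed on the authenticated user or sender."""

    def __init__(self, max_msgs=MAX_MSGS, window=WINDOW_SECONDS, clock=time.time):
        self.max_msgs = max_msgs
        self.window = window
        self.clock = clock                      # injectable for testing
        self.history = defaultdict(deque)       # key -> timestamps of accepted mail

    @staticmethod
    def key_for(attrs):
        # Prefer the SASL login, then the envelope sender, then the client IP,
        # so one compromised site cannot dodge the limit by changing From:.
        return (attrs.get("sasl_username") or attrs.get("sender")
                or attrs.get("client_address") or "unknown").lower()

    def decide(self, attrs):
        key = self.key_for(attrs)
        now = self.clock()
        seen = self.history[key]
        while seen and now - seen[0] > self.window:   # drop expired entries
            seen.popleft()
        if len(seen) >= self.max_msgs:
            # DEFER_IF_PERMIT tempfails the message unless an earlier
            # restriction already rejected it; the client may retry later.
            return "DEFER_IF_PERMIT Outbound rate limit exceeded for %s" % key
        seen.append(now)
        return "DUNNO"                                 # let other checks decide


def parse_request(raw):
    """Parse one policy request: 'name=value' lines up to the first blank line."""
    attrs = {}
    for line in raw.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def handle_request(limiter, raw):
    """Return the full protocol reply for one request."""
    attrs = parse_request(raw)
    if attrs.get("request") != "smtpd_access_policy":
        return "action=DUNNO\n\n"
    return "action=%s\n\n" % limiter.decide(attrs)


def demo(count=5):
    """Feed the constructed request `count` times; returns the decisions."""
    limiter = SenderRateLimiter()
    return [handle_request(limiter, SAMPLE_REQUEST).split()[0] for _ in range(count)]


def serve_stdio(limiter):
    """Loop used when Postfix spawn(8) runs this script over stdin/stdout."""
    pending = []
    for line in sys.stdin:
        line = line.rstrip("\n")
        if line:
            pending.append(line)
            continue
        sys.stdout.write(handle_request(limiter, "\n".join(pending) + "\n\n"))
        sys.stdout.flush()
        pending = []


if __name__ == "__main__":
    serve_stdio(SenderRateLimiter())
```

Postfix would reach a server like this through `check_policy_service` in its restriction lists (with the script started via a `spawn` entry in master.cf). One caveat that matters for the original poster's case: SMTPD restrictions only apply to mail that arrives over SMTP. Mail a web application injects through the local sendmail binary goes in via pickup and never passes through them, which is why the linked blog post routes web-application mail through an SMTP hop before a policy like this can see it.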
This is a side note for future visitors to this thread: If the compromised site is using the PHP mail() function to send spam, in ISPConfig you can temporarily block the website's ability to send email while you implement spam prevention and/or fix the breach.

In ISPConfig, go to: Sites -> domain.com (the compromised site) -> Options (tab) -> Custom php.ini settings

Type the following in the box:

disable_functions = "mail"

Click save. The site can no longer use the PHP mail() function to send spam (or any email for that matter). So note that you need to delete this option once you've removed/sealed the breach so the website can send email again.