Hi, i have a user who just got his account details stolen. And therefore our server started sending alot of spam, but the mail didn't come from our servers it just passed through our SMTP accessed by the login credentials from the user who got his user/pass stolen. My question is if there is a way to only permit smtp connections from the mail users from inside the ispconfig, or if you might have some other SMTP security tips to stop this from happening again. Thanks
Sure that would work, but then someone else could come and do that same thing over again. Thanks for the reply anyhow
Because we have a very large number of users and this user might never get affected by this again, but some other user we have might.
You should monitor your mailqueue closely and when you see a unusual amount of mail, investigate the issue and change the account password. You can also write a script that monitors the mail.log for unusual login activity. There is no easy way to prevent the issue as you can not see who sits behind the computer screen that sends the mail, so you dont now if the right or wrong person is usiing the correct password / username combination.
Thanks for the reply, but is it possible to have a whitelist of domain names inside postfix? If someone steals my account information and uses it only for the outgoing mail, is it possible to distinguish that mail since the incoming adresse is a different one? If i for exemple uses my hotmail address as a incoming adresse and the ISPConfig SMTP as a outgoing adresse, is it possible to stop the mail from going thru my system since it is a Hotmailadresse and not one of the addresses found in a whitelist or somewhere else? Thanks
You mean that you want to restrict the sender address to the address of the account thatw as used for login?
http://bugtracker.ispconfig.org/index.php?do=details&task_id=1637 But be aware that tis just means that the spammer will use the sender address of the hacked account instead of the hotmail address. While the false hotmail emails areeasily sorted out by the recipient server as your server is not a valid sender for hotmail.com, mails with the real address of the account will go trough.
