Combatting outgoing spam
Question asked by Neal Culiner - 6/16/2015 at 5:54 AM
Unanswered
Hello,
 
A user's computer has a virus/trojan and they are blasting out emails.  How can we handle this effectively as SM admin? I'm using SM 14 Enterprise Latest and it seems there are minimal controls for handling OUTGOING spam.  Content filtering appears to only be incoming.  All I can do is enable filters I suppose for outgoing blocks??
 
Thank you

6 Replies

Reply to Thread
0
Hemen Shah Replied
As a immediate support, you can ask reset users password to a strong combination, you can also disable the user for the time being till the time user takes off his system off the network and fully scans it.

you would also see huge number of mails in spool queue which can be deleted make sure its from infected user/domain and no genuine mails in queue gets deleted.
1
Bruce Barnes Replied
Immediately disable the user's account by setting him to DISABLE AND DON'T ALLOW MAIL.
 
Clean out all of the user's e-mail from your queue - you should be able to sort on the sender's e-mail address and delete them.

Change his password to a SECURE password.
 
Do not allow him to connect any clients until he agrees to use strong passwords and run an antivirus client on the devices.
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Nathan Y Replied
Although in itself it will not stop spam you can also make use of the throttling features so that users can only send a reasonable amount of emails per hour.
1
Neal Culiner Replied
I checked to use message sniffer for outbound SMTP blocking and also checked the SMTP blocking option and set the Quarantine to 15 days.  It appears to be working well while we sort out the issue.  It does appear to be a hack vs. virus/trojan so the password reset is also a great suggestion.  Good advice Bruce - thank you.
0
Bruce Barnes Replied
The outbound quarantine can be a life saver.  Glad you got a temporary solution working.
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Steve Reid Replied
Adding Declude to Smartermail and using the hijack plugin is apparently a good solution to stop outbound spam as well.

Reply to Thread