1
Combatting outgoing spam
Question asked by Neal Culiner - 6/16/2015 at 5:54 AM
Unanswered
Hello,
 
A user's computer has a virus/trojan and they are blasting out emails.  How can we handle this effectively as SM admin? I'm using SM 14 Enterprise Latest and it seems there are minimal controls for handling OUTGOING spam.  Content filtering appears to only be incoming.  All I can do is enable filters I suppose for outgoing blocks??
 
Thank you

6 Replies

0
Hemen Shah Replied
As immediate support, you can ask for the user's password to be reset to a strong combination; you can also disable the user for the time being, until the user takes his system off the network and fully scans it.

You would also see a huge number of mails in the spool queue, which can be deleted; make sure they are from the infected user/domain and that no genuine mails in the queue get deleted.
1
Bruce Barnes Replied
Immediately disable the user's account by setting him to DISABLE AND DON'T ALLOW MAIL.
 
Clean out all of the user's e-mail from your queue - you should be able to sort on the sender's e-mail address and delete them.

Change his password to a SECURE password.
 
Do not allow him to connect any clients until he agrees to use strong passwords and run an antivirus client on the devices.
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phone: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
Nathan Replied
Although in itself it will not stop spam, you can also make use of the throttling features so that users can only send a reasonable number of emails per hour.
1
Neal Culiner Replied
I checked to use message sniffer for outbound SMTP blocking and also checked the SMTP blocking option and set the Quarantine to 15 days.  It appears to be working well while we sort out the issue.  It does appear to be a hack vs. virus/trojan so the password reset is also a great suggestion.  Good advice Bruce - thank you.
0
Bruce Barnes Replied
The outbound quarantine can be a life saver.  Glad you got a temporary solution working.
0
Steve Reid Replied
Adding Declude to SmarterMail and using the hijack plugin is apparently a good solution to stop outbound spam as well.
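
The per-hour throttling idea raised in this thread, as an added example that is not part of any reply and is not SmarterMail's own code: a sliding-window check that flags an authenticated sender once they exceed a message limit within one hour and counts how many messages went over it. The log line format (`date time sender`), the limit of 20, the function names and the sample data are all assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample():
    """Constructed log lines in a made-up 'date time sender' format
    (one line per outbound message; not SmarterMail's real log format)."""
    base = datetime(2015, 6, 16, 5, 0, 0)
    lines = []
    for i in range(5):    # ordinary user: one message every 12 minutes
        lines.append(f"{base + timedelta(minutes=12 * i):%Y-%m-%d %H:%M:%S} alice@example.com")
    for i in range(40):   # hijacked account: one message every 15 seconds
        lines.append(f"{base + timedelta(seconds=15 * i):%Y-%m-%d %H:%M:%S} Bob@example.com")
    return sorted(lines)  # timestamps sort chronologically as strings

def find_throttle_violations(lines, max_per_hour=20, window=timedelta(hours=1)):
    """Return {sender: (time limit was first exceeded, messages over limit)}.

    Lines must be in chronological order. A sliding window is used rather
    than fixed clock hours so a burst straddling the top of the hour is
    still caught.
    """
    recent = defaultdict(deque)   # sender -> timestamps still inside the window
    flagged = {}
    for line in lines:
        date, clock, sender = line.split()
        ts = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
        sender = sender.lower()   # treat addresses case-insensitively
        q = recent[sender]
        while q and ts - q[0] >= window:
            q.popleft()           # drop messages older than the window
        q.append(ts)
        if len(q) > max_per_hour:
            first, excess = flagged.get(sender, (ts, 0))
            flagged[sender] = (first, excess + 1)
    return flagged

if __name__ == "__main__":
    for sender, (first, excess) in find_throttle_violations(build_sample()).items():
        print(f"{sender}: limit exceeded at {first}, {excess} messages over limit")
```

The messages counted as over the limit are the ones a throttle or outbound quarantine would hold back; the ones sent before the limit was reached still need to be cleaned out of the queue by hand.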
