I guess there is a bug with SmarterMail 14.x
I did notice this issue a few versions ago.
In the past, if an external spammer "guessed" a local user's password, they started sending email from our server, authenticating with that specific user account.
So we did a couple of things:
- An alert that was triggered if spool levels went above the "normal" load.
- A throttling of every user in the system so even when the spammer was trying to send thousands of mails in minutes, they were "throttled" and therefore, the negative impact was minimal.
- The email in the From has to be the same email when authenticating, so it's easier to block a spammer when knowing what account to block.
With these in place, whenever we spotted a spammer:
- Searched for its local domain, found the email account and selected "Disable and do not allow mail" and then changed the password to a secure one.
- Went to spool, searched for that email account and deleted the thousands of mails.
- And it worked great!!!!
NOW... SmarterMail DOES NOT WORK AT ALL.
We have the same config, but when we try to stop the spammer, it doesn't get stopped. We have tried a lot of things, but in the end, we have to restart the SmarterMail service, which is annoying and should not be the case.
- We disable the account, as before
- Change the password
- Go to spool, delete the mails coming from that account...
AND
- The mails keep appearing in the spool over and over and over.
- We tried blacklisting the IPs listed in SMTP connections from where the messages are coming, but there are too many and it's a never-ending process.
- We went to the email account config, deselected all accesses (POP, IMAP, SMTP, etc.)
- Spam keeps coming
- Reloaded the domain where the spammer account is located
- Same story... spam keeps coming
- Disabled SMTP
And now it stopped, but we don't want to have SMTP disabled.
- A few minutes later we started SMTP service again and it seems to have stopped.
Anyway, ST people, please look into this... Blocking a spammer should be a simple task.
Oh, and if I am doing anything wrong or there is another easier process, please let me know.
Thanks.
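
The controls described in the post (a per-user send throttle and the rule that From must equal the authenticated account) can also be checked after the fact to find which account to disable. The following is an added example, not part of the original post and not SmarterMail code; the log format, addresses and thresholds are constructed for illustration and do not reflect SmarterMail's actual log layout.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample records: ISO time, authenticated account, MAIL FROM, client IP.
SAMPLE_LOG = [
    "2024-01-01T10:00:00 alice@example.com alice@example.com 192.0.2.10",
    "2024-01-01T10:05:00 alice@example.com alice@example.com 192.0.2.10",
    "2024-01-01T10:06:00 carol@example.com ceo@example.com 192.0.2.20",
] + [
    # Burst from one account spread over several source IPs.
    f"2024-01-01T10:10:{5 * i:02d} bob@example.com bob@example.com 203.0.113.{i % 4 + 1}"
    for i in range(8)
]


def parse(line):
    """Split one constructed log record into (time, account, mail_from, ip)."""
    ts, auth_user, mail_from, ip = line.split()
    return datetime.fromisoformat(ts), auth_user.lower(), mail_from.lower(), ip


def find_suspects(lines, window_s=60, max_per_window=5):
    """Return {account: stats} for accounts that exceed the send rate
    or send with a From address different from the authenticated account."""
    recent = defaultdict(deque)  # account -> send times inside the sliding window
    stats = defaultdict(lambda: {"peak": 0, "ips": set(), "from_mismatch": 0})
    for ts, user, mail_from, ip in sorted(map(parse, lines)):
        window = recent[user]
        window.append(ts)
        # Drop sends that fell out of the window ending at this message.
        while (ts - window[0]).total_seconds() > window_s:
            window.popleft()
        entry = stats[user]
        entry["peak"] = max(entry["peak"], len(window))
        entry["ips"].add(ip)  # many distinct IPs make IP blacklisting impractical
        if mail_from != user:
            entry["from_mismatch"] += 1
    return {user: entry for user, entry in stats.items()
            if entry["peak"] > max_per_window or entry["from_mismatch"]}


if __name__ == "__main__":
    for account, entry in find_suspects(SAMPLE_LOG).items():
        print(account, "peak/min:", entry["peak"], "source IPs:", len(entry["ips"]),
              "From mismatches:", entry["from_mismatch"])
```

Keying the check on the authenticated account rather than the source IP matches the situation in the post, where the sending IPs were too numerous to block one by one.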