2
Question about SMTP Security
Question asked by Joe Dellaragione - 8/16/2017 at 9:19 AM
Unanswered
So I am fairly new with SmarterMail; I had always used Exchange. I recently found out my domain had been blacklisted for sending out excessive SPAM. I discovered one of our email addresses had sent out THOUSANDS of messages of SPAM. I immediately changed the password for the account but I am thinking security is not right on this server that allowed this person to use my SMTP server to send these messages.
 
So is this the best practice for security using what I have available to me?
 
I installed an SSL certificate and under BINDINGS I have all ports changed to SSL EXCEPT for port 25 SMTP. (I do have 465 SSL SMTP as well). But I kept port 25 there because isn't that required to receive mail? 
 
Also in my firewall I have NAT set up and the only traffic I allow in from the outside are 25, 443, 465, 587, 993, and 995. 
 
I feel like having port 25 open is what caused this to happen but don't I need it for the MX record and to receive mail from the outside? 
 
Any other tips? 
 
Thanks
 

5 Replies

0
Merle Wait Replied
Mmm, well, you are mixing and matching security questions.
To stop a person from sending that many emails, you need to set up throttling, to where a person can only send X emails per hour.   The X is whatever you feel you are comfortable with.   You can also set this at the domain level too.
The port questions and NAT, are simply what the server can talk to the outside world with.  There are numerous ways to configure that.
But, to be clear, it was the fact that you didn't have throttling invoked or set up correctly that allowed thousands of emails to go out by a single user.
0
Joe Dellaragione Replied
Yup - Great advice because I just found those throttling sections and set them up. If a user sends a message and has 25 people CC'd does that count as 25 messages, or just 1?

Also, can I make it so I get an alert when someone is throttled so I can make sure it's not malicious?
0
Linda Pagillo Replied
Joe, most of our SM customers use a combo of Declude Hijack (available free from our website) and Throttling in SM. Declude Hijack prevents mass spam from leaving the server in the case of a compromised account. Please check out our KB article on how to handle an account that becomes compromised: http://know.mailsbestfriend.com/papers/Handling-Compromised-Accounts.shtml 99% of the time it is the user's computer that becomes compromised and the virus/malware uses their computer as an SMTP engine to send out spam, not a compromise of your server itself. Please let me know if you have any additional questions. Thanks.
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 Authorized Reseller of SmarterTools Products Authorized Reseller of Message Sniffer
0
Joe Dellaragione Replied
Thanks! Do you know if one user sends an email to 100 contacts if that counts as 1 email or 100 when it comes to the "Outgoing Messages per Hour (0 = Unlimited)" setting on the server?
0
Linda Pagillo Replied
It counts as 100 emails.
 
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 Authorized Reseller of SmarterTools Products Authorized Reseller of Message Sniffer
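An added example, not part of the thread and not SmarterMail or Declude code: a sliding one-hour check that counts outgoing mail per recipient, as in the answer above (one message to 100 contacts counts as 100), and reports the first time an authenticated sender passes the limit. The log line layout, addresses and the `find_breaches` name are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def rcpts(n):
    """Build n constructed recipient addresses for the sample data."""
    return ",".join(f"user{i}@example.net" for i in range(n))


# Constructed sample records, NOT SmarterMail's log format (assumption):
# "<ISO timestamp> <authenticated sender> <comma-separated recipients>"
SAMPLE_LOG = [
    f"2017-08-16T08:00:00 carol@example.test {rcpts(60)}",
    f"2017-08-16T09:00:05 alice@example.test {rcpts(1)}",
    f"2017-08-16T09:01:00 sales@example.test {rcpts(40)}",
    f"2017-08-16T09:02:00 sales@example.test {rcpts(40)}",
    f"2017-08-16T09:03:00 sales@example.test {rcpts(40)}",
    f"2017-08-16T09:10:00 bob@example.test {rcpts(25)}",
    f"2017-08-16T09:30:00 carol@example.test {rcpts(60)}",
]


def find_breaches(lines, limit_per_hour, window=timedelta(hours=1)):
    """Return [(sender, time, count)] for the first time each sender's
    per-recipient total inside the sliding window exceeds the limit."""
    events = []
    for line in lines:
        stamp, sender, rcpt_field = line.split()
        n = len([r for r in rcpt_field.split(",") if r])
        events.append((datetime.fromisoformat(stamp), sender.lower(), n))
    events.sort(key=lambda e: e[0])

    recent = defaultdict(deque)   # sender -> (time, recipient count) in window
    totals = defaultdict(int)     # sender -> recipients inside the window
    breaches = {}
    for when, sender, n in events:
        q = recent[sender]
        q.append((when, n))
        totals[sender] += n
        while q and q[0][0] <= when - window:   # drop entries older than window
            totals[sender] -= q.popleft()[1]
        if totals[sender] > limit_per_hour and sender not in breaches:
            breaches[sender] = (sender, when, totals[sender])
    return list(breaches.values())


if __name__ == "__main__":
    for sender, when, count in find_breaches(SAMPLE_LOG, limit_per_hour=100):
        print(f"ALERT {sender}: {count} recipients in the hour ending {when}")
```

With a limit of 100, only the sender that reached 120 recipients in three messages is reported; the two 60-recipient messages sent 90 minutes apart never share a window.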
