Question about SMTP Security
Question asked by Joe Dellaragione - August 16, 2017 at 9:19 AM
Unanswered
So I am fairly new with SmarterMail; I had always used Exchange. I recently found out my domain had been blacklisted for sending out excessive SPAM. I discovered one of our email addresses had sent out THOUSANDS of messages of SPAM. I immediately changed the password for the account but I am thinking security is not right on this server that allowed this person to use my SMTP server to send these messages.

So is this the best practice for security using what I have available to me?
 
I installed an SSL certificate and under BINDINGS I have all ports changed to SSL EXCEPT for port 25 SMTP. (I do have 465 SSL SMTP as well). But I kept port 25 there because isn't that required to receive mail? 
 
Also in my firewall I have NAT set up and the only traffic I allow in from the outside are 25, 443, 465, 587, 993, and 995. 
 
I feel like having port 25 open is what caused this to happen but don't I need it for the MX record and to receive mail from the outside? 
 
Any other tips? 
 
Thanks
 

3 Replies

0
Mmm well, you are mixing and matching security questions.
To stop a person from sending that many emails, you need to set up throttling, to where a person can only send X emails per hour. The X is whatever you feel you are comfortable with. You can also set this at the domain level too.
The port questions and NAT are simply what the server can talk to the outside world with. There are numerous ways to configure that.
But, to be clear, it was the fact that you didn't have throttling invoked or set up correctly that allowed thousands of emails to go out by a single user.
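
The per-user and per-domain hourly throttle described in the reply above, sketched as an added example (it is not part of the thread and not SmarterMail's own implementation). The tuple format, limits and addresses are constructed, and counting each recipient as one email is an assumption.

```python
from collections import defaultdict, deque

WINDOW = 3600  # seconds, i.e. "X emails per hour"

class SlidingLimit:
    """Tracks how many emails each key sent in the trailing WINDOW seconds."""
    def __init__(self):
        self.events = defaultdict(deque)  # key -> deque of (timestamp, count)
        self.totals = defaultdict(int)    # key -> emails currently in window

    def used(self, key, now):
        q = self.events[key]
        while q and q[0][0] <= now - WINDOW:  # drop entries older than an hour
            self.totals[key] -= q.popleft()[1]
        return self.totals[key]

    def record(self, key, now, count):
        self.events[key].append((now, count))
        self.totals[key] += count

def throttle(messages, user_limit, domain_limit):
    """messages: time-sorted (epoch_seconds, authenticated_sender, recipients).
    Returns (accepted, rejected). Rejected mail does not consume quota, and its
    senders are the accounts to check for compromise."""
    per_user, per_domain = SlidingLimit(), SlidingLimit()
    accepted, rejected = [], []
    for ts, sender, rcpts in messages:
        user = sender.lower()
        domain = user.rsplit("@", 1)[-1]
        over_user = per_user.used(user, ts) + rcpts > user_limit
        over_domain = per_domain.used(domain, ts) + rcpts > domain_limit
        if over_user or over_domain:
            rejected.append((ts, sender, rcpts))
            continue
        per_user.record(user, ts, rcpts)
        per_domain.record(domain, ts, rcpts)
        accepted.append((ts, sender, rcpts))
    return accepted, rejected

# Constructed sample traffic: bob's account starts sending in bulk.
SAMPLE = [
    (0, "alice@example.test", 1),
    (10, "bob@example.test", 100),
    (20, "bob@example.test", 100),
    (30, "bob@example.test", 100),    # third burst within the same hour
    (40, "alice@example.test", 2),
    (3700, "bob@example.test", 100),  # earlier bursts have aged out
]

if __name__ == "__main__":
    ok, blocked = throttle(SAMPLE, user_limit=250, domain_limit=400)
    print("rejected:", blocked)
```

With a domain limit lower than the sum of the per-user limits, one account's burst can also block other users of the same domain, so the two limits need to be chosen together.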
0
Joe, most of our SM customers use a combo of Declude Hijack (available free from our website) and Throttling in SM. Declude Hijack prevents mass spam from leaving the server in the case of a compromised account. Please check out our KB article on how to handle an account that becomes compromised: http://know.mailsbestfriend.com/papers/Handling-Compromised-Accounts.shtml 99% of the time it is the user's computer that becomes compromised and the virus/malware uses their computer as an SMTP engine to send out spam, not a compromise of your server itself. Please let me know if you have any additional questions. Thanks.
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Office: 703.988.3606

Authorized Reseller of SmarterTools Products
Authorized Reseller of Message Sniffer
0
It counts as 100 emails.
 
Linda Pagillo