

Email monitoring




Posted by JohnB_20, 10-31-2014, 10:15 AM
Hi, We have been plagued recently with compromised accounts on our shared server which have been sending out spam. We can clear up and stop the spam but usually the first we know of it is either when we spot it in logs or when we are blacklisted. Does anyone know of a solution which can monitor outbound mail and alert us when an account is sending multiple emails per hour? Thanks in advance

Posted by Srv24x7, 10-31-2014, 10:25 AM
Hi, you can configure LFD to do so. You will be alerted when a high amount of mail goes out of your server.

Posted by chenetwork, 10-31-2014, 07:13 PM
Two recommendations that may help:
1) Limit the number of emails that can be sent per hour. While this won't alert you to the fact that an account has been compromised, it will limit the damage.
2) Use fail2ban - http://www.fail2ban.org. It will help stop the accounts from getting compromised in the first place. What hackers do is hit your server with a ton of different authentication requests looking for a good user name and password combination. Once they find it, they then use those accounts to send spam. Having fail2ban block IPs after so many failed attempts makes it much more difficult for those accounts to be compromised.

Posted by mellow-h, 10-31-2014, 08:25 PM
You need some strong spam controlling tools on your server for both incoming and outgoing mail. It is also important to check accounts regularly for backdated scripts. Most of the time, backdated scripts are the reason why spam scripts are inserted on the server in the first place.

Posted by Kailash12, 11-01-2014, 10:29 AM
You haven't mentioned which type of mail server you are using. You can also use third-party services like SpamExperts for outgoing email scanning. I believe they have integration with many mail servers.

Posted by Louis - SiteMyWeb, 11-01-2014, 11:26 AM
Depending on your setup, if you are using cPanel you can use cPHulk to block IPs after failed login attempts to prevent unauthorised access to customers' email accounts. You can also use CSF, which blocks IPs too. I would also recommend you limit emails per hour; the usual maximum hourly emails per domain is around 200/300.

Posted by SparkSupport, 11-03-2014, 02:30 AM
The best method is to set your email limits while configuring the MTA itself! Plus, create some additional scripts if at all you require further alerts.
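
One way to build the per-account hourly alert the original question asks for, as an added example that is not part of the thread. It assumes Exim-style main log lines (the thread never says which MTA is in use), uses hypothetical function names, keys on the authenticated login rather than the forgeable envelope sender, and runs on constructed sample lines.

```python
import re
from collections import Counter

# Assumption: Exim-style main log, where "<=" marks an accepted message and
# A=<authenticator>:<login> names the account that authenticated to send it.
ARRIVAL = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2}) (?P<hour>\d{2}):\d{2}:\d{2} \S+ <= \S+ "
    r".*?\bA=\w+:(?P<login>\S+)"
)

def count_per_hour(lines):
    """Count accepted messages per (authenticated login, 'YYYY-MM-DD HH')."""
    counts = Counter()
    for line in lines:
        m = ARRIVAL.match(line)
        if m:  # deliveries (=>) and unauthenticated arrivals do not match
            counts[(m["login"], f"{m['day']} {m['hour']}")] += 1
    return counts

def over_limit(lines, limit):
    """Return sorted (login, hour, count) tuples for buckets above limit."""
    return sorted(
        (login, hour, n)
        for (login, hour), n in count_per_hour(lines).items()
        if n > limit
    )

# Constructed sample log lines (not from a real server).
_AUTH = "H=(pc) [203.0.113.7] P=esmtpa A=dovecot_login:"
SAMPLE = [
    f"2014-10-31 10:{m:02d}:00 1Xk{m:03d}-0000aa-AA <= bob@example.test "
    f"{_AUTH}bob@example.test S=2048"
    for m in range(5)
] + [
    f"2014-10-31 10:30:00 1Xk900-0000aa-AA <= alice@example.test {_AUTH}alice@example.test S=900",
    "2014-10-31 10:30:01 1Xk900-0000aa-AA => someone@example.org R=lookuphost T=remote_smtp",
    f"2014-10-31 11:02:00 1Xk901-0000aa-AA <= bob@example.test {_AUTH}bob@example.test S=700",
    "2014-10-31 11:05:00 1Xk902-0000aa-AA <= news@example.org H=mx.example.org [192.0.2.9] P=esmtp S=5000",
]

if __name__ == "__main__":
    for login, hour, n in over_limit(SAMPLE, limit=3):
        print(f"ALERT {login} sent {n} messages in hour {hour}")
```

Under this assumed format, mail injected by web scripts through the local sendmail binary carries no `A=` field and is not counted, so script-based spam needs a separate check.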


