Prevent sending SPAM on servers

gointern

Hi, we are a small hosting startup and the Linux team needs help. For one reason or another we often get hacked and servers start sending SPAM. Limits don't work, emails are sent multiple ways... then servers get blacklisted and of course nobody can send email. Everybody gets upset.

I am not sure why limits don't work. Do they get removed by the hackers? We use Zabbix for monitoring servers. Maybe some ideas what to monitor to get an early heads up before spam is sent over tens of thousands of times. Is SpamAssassin the best there is? Are there alternatives that we could explore?

What changes could I suggest to make to prevent spam outbreaks?



Thanks.
 
Hello,

You can use BlockCracking to block accounts and scripts which send too many emails to non-existing email addresses. Search the forums for more details.

Then make sure you have the latest exim.conf 4.x for limits to work.

As for Zabbix, you can monitor the size of the mail queue (exim -bpc) and the number of sent emails (count size of *_ids files under /etc/virtual/usage/).

Zabbix does not have such metrics by default, we do it with commands running with sudo added into /etc/zabbix/zabbix_agentd.d/userparameter_exim.conf
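
The two checks named in the reply above, as an added example (not the poster's own script). The item keys, the script path, and reading "size" as total bytes of the *_ids files are assumptions.

```shell
#!/bin/sh
# Added example: Exim metrics for Zabbix UserParameter items.
# Assumed agent config lines (item keys and script path are hypothetical),
# placed in /etc/zabbix/zabbix_agentd.d/userparameter_exim.conf:
#   UserParameter=exim.queue,sudo /usr/local/bin/exim_metrics.sh queue
#   UserParameter=exim.sent_bytes,sudo /usr/local/bin/exim_metrics.sh sent
#   UserParameter=exim.top_sender,sudo /usr/local/bin/exim_metrics.sh top

USAGE_DIR="${USAGE_DIR:-/etc/virtual/usage}"
EXIM_BIN="${EXIM_BIN:-exim}"

# Messages currently in the Exim queue; -1 when exim fails or prints
# something that is not a number, so a broken check is visible in Zabbix.
queue_count() {
    n=$("$EXIM_BIN" -bpc 2>/dev/null) || n=""
    case "$n" in ''|*[!0-9]*) n=-1 ;; esac
    echo "$n"
}

# Total bytes across all *_ids files (assumption: growth of these files
# tracks the number of messages sent since the last reset).
sent_bytes() {
    total=0
    for f in "$USAGE_DIR"/*_ids; do
        [ -f "$f" ] || continue
        total=$(( total + $(wc -c < "$f") ))
    done
    echo "$total"
}

# Largest *_ids file and its size: the account to look at first when
# sent_bytes jumps. Prints "none 0" when there are no *_ids files.
top_sender() {
    best="none"; best_size=0
    for f in "$USAGE_DIR"/*_ids; do
        [ -f "$f" ] || continue
        size=$(( $(wc -c < "$f") ))
        if [ "$size" -gt "$best_size" ]; then
            best=${f##*/}; best_size=$size
        fi
    done
    echo "$best $best_size"
}

case "${1:-}" in
    queue) queue_count ;;
    sent)  sent_bytes ;;
    top)   top_sender ;;
esac
```

In Zabbix, a trigger on the rate of change of the queue and sent values gives earlier warning than a fixed threshold, since a compromised account shows up as a sudden jump.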
 
Thanks. That's something I will definitely look into.
Is it mostly enough to stop spam being sent? Anything else I could read up on or suggest?
 
Yes. You could also install maldetect to check sites for malicious or leak scripts.
The link takes you not to the creators of Maldetect but to a site which does explain how to install it and also links to some free signatures from them to add into the check.
 
Whatever you like, depending on your budget and server provider.

Free:

1. disable catch-all
2. limit users on using forwarders
3. set daily limits on sending emails on a per-user basis
4. enable SMTP_BLOCK with CSF/LFD (if you use it) and instruct your users to use local SMTP server in their scripts.

Possible free and paid solutions:

1. Some VPS providers offer their mail services to send emails out. You might check what yours offers.
2. You might even use paid 3rd party solutions for scanning outgoing emails
3. Install your own VPS with additional antispam software to scan outgoing emails for spam and malware.
4. etc...
 