Can I turn off email access?

[jim.thornton]

I have a server with only a few websites on it. However, the server does not host any email accounts (other than the basic DA accounts). All of the website owners use rogers, hotmail, gmail, etc. However, I have two sites that use GMail Apps For Business and Outlook that both use DNS entries to forward the mail to those services.

I'm curious if there is a way to "turn off" emails so that hackers can't get into the system and send out spam (that happened to me last year)? Or, if I do that will it completely break the updates that I get from the server to the account owners?

I'm just looking to lock down my server more than it is since I'm getting a lot of brute force attacks (in another thread).

 

[24x7server]

If your server doesn't host email accounts then there is no need to create email account through DirectAdmin control panel.

 

[jim.thornton]

If your server doesn't host email accounts then there is no need to create email account through DirectAdmin control panel.

That's what I'm saying. Is there a way to turn the service off completely so that people can't try and hack pop3 or exim? Or will that break things? e.g. DA communicating with me that someone is brute-forcing my server?

Also... I do have one account that is using mail forwarders to forward to a gmail account. But, if that is the only reason not to turn it off, then I can get rid of that forwarder.

 

[Richard G]

If your server doesn't host email accounts then there is no need to create email account through DirectAdmin control panel.

Remember that the system account is always an email account too. So they can try to bruteforce that if they succeed to get the accountname.

@Jim: You can enforce email authentication, check this:
https://help.directadmin.com/item.php?id=467

Since there are no email accounts except system accounts, it's not really likely they break something. And they won't be able to spam via the php mail function.

I woulndn't disable exim.

 

[zEitEr]

That's what I'm saying. Is there a way to turn the service off completely so that people can't try and hack pop3 or exim? Or will that break things? e.g. DA communicating with me that someone is brute-forcing my server?

I'd rather do all of (or partly) the following:

1. close incoming connections to TCP: 25 110 143 465 587 993 995 with firewall both for ipv4 and ipv6
2. install the latest exim.pl/exim.conf and set global limit for sending emails to 1 (zero would mean no limit at all)
3. enable SMTP_LIMIT in CSF/LFD
4. disable PHP mail() globally.

Dovecot can be disabled from running at all without risk:

./build set dovecot no./build remove_dovecot

the same way roundcube/squirrelmail should be disabled and removed.

I'd rather let exim to run.

 

[jim.thornton]

Thank you.

Changing those exim settings and php_mail. Will that still allow people to submit a form on a website to contact the owner? Or would that form have to them be configured with a remote SMTP account?

 

[zEitEr]

With options 3 and 4 enabled no email will be sent from a website unless a site is configured to use local SMTP.

You will need PHP mail() if your site does not use SMTP.

You will need SMTP_LIMIT disabled (or user should be set as trusted) if your site use SMTP of Google/Yahoo/Outlook/misc, i.e. username/password to connect to a SMTP server and send emails.

If sites send emails a limit should be raised of course, the limit can be changed per user.