Prohibiting a DA user account from generating email

jlpeifer

One of my client's websites was hacked over the weekend. Apparently there is/was an exploit in a Joomla add-in called JCE Editor. The hacker used this exploit to drop a couple of php files into my client's public_html directory. Those files then apparently generated gobs of spam that was routed through exim on the same server using the hacked account's credentials.

So let's say the account's DA login is something like "Acmecorp". Is there a way to configure exim (or better yet, is there a setting in the DA Control Panel) so that Acmecorp is blocked from sending email via exim on localhost?
 
Thanks SCSI. Very helpful. I'm definitely going to implement this across all of my clients so that I don't encounter this hassle again.

In the meantime I also just noticed a setting in the Control Panel --> Admin Level --> Show All Users --> Acmecorp that reads, "Sent Emails" and then provides an option to set a limit of "x / day" (where x is a number that I can define). If I just set this to zero will it achieve the same effect?
 
Yes, 0 should disable them from being able to send email.
 
Two important considerations:

I believe that zero allows unlimited email. If I'm correct it's the only way to override a system default limit with an unlimited user.

and...

Don't just rely on this to just work without attention. Over the past few days we had to clean up a server that had almost 8 million emails in a user mailbox because a spammer had discovered an email password, and had used authenticated logins to send spam. Because of the limit_user feature (the domain could only send one email daily) all additional emails were marked as unrouteable, and returned to the mailbox. It slowly slowed down the server, and eventually brought it to a slow enough state that exim suspended deliveries. Then the mail queue started filling. And by then the user was noticing he couldn't get his own mail in and out through his nameserver. Once we discovered the problem it took a short time to clear the queue, but hours to clear the user's mailbox, using exim -Mrm one email at a time.

Jeff
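
A per-address queue check of the kind the post above argues for, as an added example that is not part of the original thread. It assumes the usual `exim -bp` listing layout (age, size, message id, `<sender>`, then indented recipient lines); the sample queue, addresses and function names are constructed for illustration.

```python
import re
import sys
from collections import Counter

# Constructed sample in the layout printed by `exim -bp`.
SAMPLE_QUEUE = """\
 3h  1.2K 1rAbCd-0001Xy-2Z <acmecorp@example.com>
          victim1@example.net

 3h  1.2K 1rAbCe-0001Xz-3A <acmecorp@example.com>
          victim2@example.net
          victim3@example.net

 2h  1.3K 1rAbCf-0001Y0-4B <acmecorp@example.com> *** frozen ***
          victim4@example.net

10m  4.0K 1rAbCg-0001Y1-5C <>
          acmecorp@example.com

 5m  2.1K 1rAbCh-0001Y2-6D <info@other.example>
          friend@example.org
"""

# Header line: age, size, message id, envelope sender, optional frozen marker.
HEADER = re.compile(
    r"^\s*\d+[mhd]\s+\S+\s+\S+\s+<([^>]*)>(\s+\*\*\* frozen \*\*\*)?\s*$")

def queue_counts(listing):
    """Return (queued messages per sender, queued bounces per target mailbox)."""
    sent, bounces = Counter(), Counter()
    pending_bounce = False
    for line in listing.splitlines():
        m = HEADER.match(line)
        if m:
            sender = m.group(1).lower()
            pending_bounce = sender == ""   # "<>" is a bounce (null sender)
            if sender:
                sent[sender] += 1
        elif pending_bounce and line.strip():
            # First recipient of a bounce is the mailbox it is returning to;
            # split()[-1] also drops the "D" flag on already-delivered lines.
            bounces[line.split()[-1].lower()] += 1
            pending_bounce = False
    return sent, bounces

def over_threshold(listing, limit):
    """Addresses with at least `limit` queued messages plus bounces."""
    sent, bounces = queue_counts(listing)
    return sorted(a for a, n in (sent + bounces).items() if n >= limit)

if __name__ == "__main__":
    print(over_threshold(sys.stdin.read(), 100))
```

Run from cron as `exim -bp | python3 queue_check.py` (the script name is hypothetical) and alert on any non-empty result, so a runaway account is noticed before the queue and mailbox fill.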
 