Hi,
I am facing an issue with some compromised accounts. What I have done:
1. Contacted the owners of the accounts to change their passwords
2. Disabled some of the accounts.
3. Enabled some functionality in the SMTP -> Security tab:
- Reject mail if sender address is from an invalid domain
- Authenticated senders must use valid sender address
- Disable all catchalls
- Restrict the number of recipients per email to 300
- Limit the number of recipients to 600 per hour
(I can't set the limit lower, as my company needs to use one of the accounts to send out notifications to all users)
- PTR record check: Reject senders without PTR
But I still have many SMTP connections from a compromised account; even though the account is disabled, I can see it appear in the SMTP connections.
Why does this happen? What else could I do?
Thanks
Solution to stop compromised mails
-
- Posts: 11
- Joined: Thu Feb 25, 2016 5:43 am
Re: Solution to stop compromised mails
To give an example:
I disabled the account e*****.com.au\tim****** last Friday, 22/04/2016, but today I received this critical system message:
Value: ME-I0xxx: The 17 recipient(s) for mailbox e****.net.au/tim****** puts it over limit of 600 per hour (current count 609).
How can I completely stop the activity of the account, other than by deleting the account?
Thanks.
-
- Posts: 1
- Joined: Thu Nov 28, 2019 9:12 am
Re: Solution to stop compromised mails
Great question and followup. Still relevant. It's a pity nobody is interested. Maybe StackOverflow is better?
-
- Posts: 154
- Joined: Mon May 24, 2010 2:27 pm
Re: Solution to stop compromised mails
Is the IP they are connecting from perhaps in the "Privileged IP" list? Looks like anything in that list can send without restriction.
Kent Runyan
CFDynamics.com
Providing World Class Hosting Solutions for over two decades.