Solution to stop compromised mails

Discussion forum for Enterprise Edition.
Post Reply
shawnwangws
Posts: 11
Joined: Thu Feb 25, 2016 5:43 am

Solution to stop compromised mails

Post by shawnwangws » Tue Apr 12, 2016 2:03 am

Hi,
I am facing the issue with some compromised accounts. What I have done:
1. Contact the owner of the account to change the password
2. Disable some accounts of them.
3. Enable some functionalities in SMTP ->Security tab
- Reject mail if sender address is from an invalid domain
- Authenticated senders must use valid sender address
- disable all catchalls
- Restrict the number of recipients per email to 300
- Limit number of recipients per hour to 600 per hour
( I can't limit less as my company need use one of the account to send out notifications to all users)
- PRT Record check: Reject senders without PTR

But I still have many smtp connections with compromised account, even the account is disable, I can see it appears in SMTP connections.
Why it happens like that? What else I could do?
Thanks

shawnwangws
Posts: 11
Joined: Thu Feb 25, 2016 5:43 am

Re: Solution to stop compromised mails

Post by shawnwangws » Thu Apr 21, 2016 11:25 pm

Give an example.

I had disabled the account of e*****.com.au\tim****** last Friday 22/04/2016. But today I received the system critical message that

Value: ME-I0xxx: The 17 recipient(s) for mailbox e****.net.au/tim****** puts it over limit of 600 per hour (current count 609).

How to completely stop the activity of the account exclude delete the account?
Thanks.

GregWoodsVL
Posts: 1
Joined: Thu Nov 28, 2019 9:12 am

Re: Solution to stop compromised mails

Post by GregWoodsVL » Thu Nov 28, 2019 9:14 am

Great question and followup. Still relevant. It's a pity nobody is interested. Maybe StackOverflow is better?

cfdynamics
Posts: 135
Joined: Mon May 24, 2010 2:27 pm

Re: Solution to stop compromised mails

Post by cfdynamics » Mon Dec 02, 2019 6:39 pm

Is the IP they are connecting from perhaps in the "Privileged IP" list? Looks like anything in that list can send without restriction.
Kent Runyan
CFDynamics.com
Providing World Class Hosting Solutions for over two decades.

Post Reply