  • Secure EMAIL

    Hi,
    We are having a lot of email accounts hacked. What are your best practices to secure an email server and to mitigate hacked email accounts?

    I have tried to add multiple RBLs; many clients' IPs are listed and that generates more problems.


    Thank you for your time.

  • #2
    Hi omelin

    Do you mind me asking how you know the email accounts are/have been hacked?

    Firstly, do you have BFD installed? If not, I would advise you do.

    Have you checked your mail queue? If you view it, you should see where it has been generated from, i.e. website or email account - take note of the email address and domain. This may help you narrow it down to domains.

    If some of your clients' IP addresses are listed in RBLs, are you sure the email is not simply being declined due to RBL listing of their IP address?

    Have you checked your own sending IP address used by qmail? If listed, again this may indicate where to start looking.

    Do you have maldet installed, updated and running? If so, run a manual scan on /home /opt /tmp/vat/tmp directories. Please make sure ClamAV is fully updated, as maldet will make use of ClamAV.

    There's probably more, but if you could update re above

    Many thanks

    John

    • #3
      Originally posted by d2d4j
      Hi omelin

      Do you mind me asking how you know the email accounts are/have been hacked?

      Firstly, do you have BFD installed? If not, I would advise you do.

      Have you checked your mail queue? If you view it, you should see where it has been generated from, i.e. website or email account - take note of the email address and domain. This may help you narrow it down to domains.

      If some of your clients' IP addresses are listed in RBLs, are you sure the email is not simply being declined due to RBL listing of their IP address?

      Have you checked your own sending IP address used by qmail? If listed, again this may indicate where to start looking.

      Do you have maldet installed, updated and running? If so, run a manual scan on /home /opt /tmp/vat/tmp directories. Please make sure ClamAV is fully updated, as maldet will make use of ClamAV.

      There's probably more, but if you could update re above

      Many thanks

      John
      d2d4j,
      Thank you for your reply.

      The hackers are getting my customers' email passwords, so I can only detect them when my qmail is high; I change the password of the hacked account.

      I don't have BFD installed because when I change the password of an email account the rest of my client's network gets blocked and the problem gets worse.

      My clients' IPs have small problems when they are in an RBL; my servers sometimes get on an RBL because of the hacked emails.

      I have never used maldet; I will install it. How do you manually update ClamAV? I have tried some commands and I think ClamAV isn't updating.

      I want to determine if the email server is hacked somehow or if there is a vulnerability I have not considered.

      At the moment I am running a script to determine if the qmail is high; I stop the SMTP out and send a warning, then I go in and change the password of the hacked email account.

      Thank you for your comments.
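
Added example (not part of the thread, and not code from either poster): one way to do the queue check suggested in #2, tallying pending recipients per envelope sender and sender domain so a flooding account stands out. It assumes the usual `qmail-qread` output layout (a dated header line ending in `<sender>`, followed by `remote`/`local` recipient lines, with `done` marking delivered ones); the function names, threshold and sample queue listing are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of `qmail-qread` output (assumed layout, not from the thread).
SAMPLE_QREAD = (
    "26 Mar 2015 09:14:02 GMT  #1048593  2311  <info@shop.example>\n"
    "\tremote\ta@dest.example\n"
    "\tremote\tb@dest.example\n"
    "\tremote\tc@dest.example\n"
    "  done\tremote\td@dest.example\n"
    "26 Mar 2015 09:14:05 GMT  #1048601  2298  <info@shop.example>\n"
    "\tremote\te@other.example\n"
    "\tremote\tf@other.example\n"
    "26 Mar 2015 09:20:41 GMT  #1048620  840  <alice@office.example>\n"
    "\tremote\tg@dest.example\n"
    "26 Mar 2015 09:21:10 GMT  #1048633  1502  <>\n"
    "\tlocal\tinfo@shop.example\n"
)

# Header line: date, "GMT", "#<message id>", size in bytes, "<envelope sender>".
HEADER = re.compile(r"^\d{1,2} \w{3} \d{4} [\d:]{8} GMT\s+#(\d+)\s+(\d+)\s+<([^>]*)>")

def parse_qread(text):
    """Return [sender, pending_recipient_count] for each queued message."""
    messages = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            messages.append([m.group(3).lower(), 0])
            continue
        parts = line.split()
        # Lines starting with "done" are already delivered and are not counted.
        if messages and parts and parts[0] in ("remote", "local"):
            messages[-1][1] += 1
    return messages

def top_senders(text, min_recipients=20):
    """Tally pending recipients per sender and domain; flag heavy senders."""
    by_sender, by_domain = Counter(), Counter()
    for sender, pending in parse_qread(text):
        sender = sender or "<bounce>"   # empty envelope sender means a bounce
        by_sender[sender] += pending
        by_domain[sender.rpartition("@")[2]] += pending
    flagged = [s for s, n in by_sender.most_common() if n >= min_recipients]
    return by_sender, by_domain, flagged

if __name__ == "__main__":
    senders, domains, flagged = top_senders(SAMPLE_QREAD, min_recipients=3)
    print(senders.most_common(), domains.most_common(), flagged)
```

The envelope sender can be set freely by whoever submits the mail, so treat a flagged address as a starting point and confirm it against the message headers and SMTP logs before resetting a password.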

      • #4
        Hi omelin

        Many thanks

        ClamAV should auto-update; just log in to NodeWorx, Server, Logs, Mail, freshclam to check the current update.

        You could look at spamdyke, which may help.

        To be honest, rereading your posts, I am inclined to think the issue may be at your client's computer, as given you have reset the password and it runs normally then starts again. This may explain why the password is known - directly at the client's computer.

        It's just a thought, as I would need more details to help further (sample of email, header details etc...)

        Many thanks

        John
