Secure EMAIL

omelin · November 29, 2018, 9:34am

hi,
we are having a lot of email accounts hack , what are your best practice to secure email server and to mitigate hack email accounts?

I have tried to add multiple RBLs , many clients ips are listed and that generates more problems

thank you for your time

d2d4j · November 29, 2018, 10:19am

Hi omelin

Do you mind me asking how you know the email accounts are/have been hacked

Firstly, do you have BFD installed, if not I would advise you do

Have you checked your mail que and if you view, you should see where it has been generated from ie website or email account - take note of email address and domain. This may help you narrow to domains

If some of your clients IP address are listed in RBL?s, are you sure the email is not simply been declined due to RBL listing of their IP address.

Have you checked your own sending IP address used by qmail. If listed, again this may indicate where to start looking

Do you have maldet installed, updated and running. If so, run a manual scan on /home /opt /tmp/vat/tmp directories. Please make sure clamAV is fully updated as maldet will make use of clamAV

There?s probably more but if you could update re above

Many thanks

John

omelin · November 30, 2018, 6:52am

d2d4j:

Hi omelin

Do you mind me asking how you know the email accounts are/have been hacked

Firstly, do you have BFD installed, if not I would advise you do

Have you checked your mail que and if you view, you should see where it has been generated from ie website or email account - take note of email address and domain. This may help you narrow to domains

If some of your clients IP address are listed in RBL?s, are you sure the email is not simply been declined due to RBL listing of their IP address.

Have you checked your own sending IP address used by qmail. If listed, again this may indicate where to start looking

Do you have maldet installed, updated and running. If so, run a manual scan on /home /opt /tmp/vat/tmp directories. Please make sure clamAV is fully updated as maldet will make use of clamAV

There?s probably more but if you could update re above

Many thanks

John

d2d4j ,
thank you for your reply.

tha hacker are getting my customers email password, sou i only can detect them when my qmail is high , i change the password to the hack account

i dont have BFD install becouse when i change the password to an email account the rest of my client network gets block and the problem gets worst.

my clients ip have small problems when thay are in RBL , my servers sometimes get on RBL becouse of the hack emails

i have never use maldet i will install it, how do you update manually clamav , i have tried some commands and i think clamav isent updateing.

i am want to determine if the email server is hack somehow or if there is a vulnerability i have not consider.

At the moment i am running a script to determine if the qmail is high i stop de smtp out and send a warnning, i go in and change the password to the hack email account

thank you for your comments

d2d4j · December 1, 2018, 4:23am

Hi omelin

Many thanks

ClamAV should auto update, just login to nodeworx, server, logs, mail, freshclam to check current update

You could look at spamdyke which may help

To be honest, rereading your posts, I am inclined to think the issue maybe at your clients computer, as given you have reset password and it runs normally then starts again. This may explain why the password is known - directly at clients computer

It?s just a thought as I would need more details to help further (sample of email, header details etc…)

Many thanks

John

samK · June 10, 2020, 3:09am

Use Email with End-to-End Encryption
Protect or Restrict Administrator Accounts
Protect end-users through good policies and training