
Questions about exploited SMTP relay

Discussion in 'Windows Server' started by batric, Feb 7, 2015.

Thread Status:
Not open for further replies.
  1. batric

    batric Thread Starter

    Joined:
    Feb 7, 2015
    Messages:
    3
    Hello,

    I'm using SmarterMail on Windows Server 2008.

    I changed the SMTP relay from "Nobody" to "Only local users" and in the last 2 days I had a large number of outgoing spam messages sent from my server (close to 6.000).

    This has happened in the past, and setting SMTP relay back to "Nobody" has fixed the issue.

    However, this means that I have to use SMTP authentication for every single website from which I want to send emails.

    I have the following questions:

    1. If relay is set to "Only local users", how is it possible to send emails from domains which are not on my server?
    2. If I use "Nobody" for SMTP relay, is it safe to lower the number of seconds for SMTP authentication? The default is 120 seconds, which is way too long.
    3. Any ideas on how these emails are sent? The SMTP relay was still "only local users" and emails were sent from other domains as well (e.g. @refund.co.uk which is a spam domain I think).
    4. Can you please point me to some decent source where I can learn more about this?

    Thank you!
     
  2. peterh40

    peterh40

    Joined:
    Apr 15, 2007
    Messages:
    1,438
    First Name:
    Peter
    What you can do is configure a list of IP addresses or IP address ranges so it restricts what machines are allowed to connect and relay from, then you can enable Anonymous connections on it.
     
  3. batric

    batric Thread Starter

    Joined:
    Feb 7, 2015
    Messages:
    3
    Thanks for the reply Peter; that sounds good.

    Would this work even when emails are being sent from websites?

    I remember seeing visitor's IP address being saved in the mail logs, because they were the ones that "initiated" the mail sending.
     
  4. peterh40

    peterh40

    Joined:
    Apr 15, 2007
    Messages:
    1,438
    First Name:
    Peter
    Yes, as long as you add the IP address of websites allowed to send through your SMTP server, but the websites should be strengthened to avoid unwanted spam, such as using one of those Captcha boxes before they can send mail; this will reduce spamming even more.
     
  5. batric

    batric Thread Starter

    Joined:
    Feb 7, 2015
    Messages:
    3
    I went through all the sections in SmarterMail admin, and couldn't find such an option :/

    However, after inspecting the logs, I found the way they were connecting - one of the email addresses had a "[email protected]" with password of "123456".
    Spammers were randomly trying to check common email names on every domain on the server: info, contact, admin, test, support, etc.
    They succeeded on 2 email addresses, and this enabled them to send email.

    I configured "DDOS" protection (this is how the feature is called in SmarterMail) for SMTP, POP and IMAP, and changed the passwords in question of course.

    These days there were as many as 17k blocked connections on POP and IMAP.

    This seems to be working now - will keep this thread posted if I discover something more.
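
Added example (not part of the thread and not SmarterMail code): a small Python check for the pattern described in the last post, where one client tries common mailbox names across domains until a weak password works. The log lines and their layout are constructed for illustration and are not SmarterMail's actual log format; `parse`, `find_guessing` and `min_mailboxes` are hypothetical names.

```python
from collections import defaultdict

# Constructed sample lines in a simplified, hypothetical layout:
# date, time, client IP, "AUTH", mailbox, result. Not SmarterMail's real format.
SAMPLE_LOG = """\
2015-02-05 03:12:01 203.0.113.7 AUTH info@example.com FAIL
2015-02-05 03:12:02 203.0.113.7 AUTH contact@example.com FAIL
2015-02-05 03:12:03 203.0.113.7 AUTH admin@example.com FAIL
2015-02-05 03:12:04 203.0.113.7 AUTH test@example.org FAIL
2015-02-05 03:12:05 203.0.113.7 AUTH support@example.org OK
2015-02-05 09:30:00 198.51.100.20 AUTH alice@example.com FAIL
2015-02-05 09:30:09 198.51.100.20 AUTH alice@example.com OK
"""

def parse(log_text):
    """Yield (ip, mailbox, ok) for each well-formed AUTH line; skip anything else."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 6 and parts[3] == "AUTH" and parts[5] in ("OK", "FAIL"):
            yield parts[2], parts[4].lower(), parts[5] == "OK"

def find_guessing(log_text, min_mailboxes=3):
    """Return {ip: {"tried": [...], "compromised": [...]}} for clients that
    failed authentication against at least `min_mailboxes` distinct mailboxes."""
    failed = defaultdict(set)     # ip -> mailboxes with failed logins
    succeeded = defaultdict(set)  # ip -> mailboxes with successful logins
    for ip, mailbox, ok in parse(log_text):
        (succeeded if ok else failed)[ip].add(mailbox)
    report = {}
    for ip, boxes in failed.items():
        if len(boxes) >= min_mailboxes:
            report[ip] = {
                "tried": sorted(boxes),
                # A success from a guessing client marks a password to reset.
                "compromised": sorted(succeeded[ip]),
            }
    return report

if __name__ == "__main__":
    for ip, info in find_guessing(SAMPLE_LOG).items():
        print(ip, "tried", len(info["tried"]), "mailboxes; reset:", info["compromised"])
```

The single mistyped password from 198.51.100.20 stays below the threshold, so an ordinary user is not reported alongside the guessing client.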
     
Short URL to this thread: https://techguy.org/1142633
