Linode Community Forums
Posted: Sat Aug 10, 2013 8:31 pm
Senior Member

Joined: Tue Aug 14, 2012 5:55 pm
Posts: 82
I am running an email server based on iRedMail, a script which sets up an optimized set of tools (Postfix, Dovecot, SpamAssassin, etc.).

I have a few clients which use the email server for regular emailing needs.

My question is, how do I ensure that a client or anybody isn't using this machine to send spam or bulk emails, etc.?

I have logwatch send me email daily which mentions

xx messages checked and passed by amavisd

xx send via smtp Postfix

Is that it? Am I 100 percent safe, or may there still be some loophole?


Posted: Sun Aug 11, 2013 2:30 pm
Senior Member

Joined: Thu Jun 16, 2011 8:24 am
Posts: 412
Location: Cyberspace
You are never 100% safe.

Postfix will, to the best of my knowledge, send anything it's told to send. The best you can do is to ensure that it's not set to act as a mail relay for other servers, and that it is set to allow only authenticated users to send emails.

Although I personally haven't tried it, I think there should be a way to use SpamAssassin to filter outgoing emails. Trouble is, it may filter out a few legit emails here and there. Spam filtering can never be perfect.

_________________
Kris the Piki Geeker


Posted: Mon Aug 12, 2013 2:06 am
Junior Member

Joined: Tue Dec 27, 2005 1:33 am
Posts: 43
Location: USA
Unless you trust your users absolutely, you can't be 100% sure. Here are some suggestions though:

1. Use postfwd[1] to rate-limit the number of emails an account can send per day/hour/whatever. When spammers take over an account to send spam, they typically send a huge volume of spam in a short amount of time, which is hugely damaging to your reputation. Rate-limiting is an effective way to minimize the damage. The following postfwd rules should limit each SASL user to 50 messages per hour and 100 messages per day:

Code:
id=R001; sasl_username=~/./; action=rate(sasl_username/100/86400/REJECT only 100 messages per day for $$sasl_username)
id=R002; sasl_username=~/./; action=rate(sasl_username/50/3600/REJECT only 50 messages per hour for $$sasl_username)


2. Monitor the major blacklists for your IP address (you can do this yourself or use a free service such as mxtoolbox[2]), so you'll get alerted if your server is ever blacklisted. Then you'll know to look for a compromised account and apply for removal from blacklists. Policies vary between blacklist operators, but for the most part they're willing to de-blacklist you if you say you had a compromised account which you've taken care of. (I've administered email systems used by hundreds of users and this has happened to me a few times.)

Hope this helps.

[1] http://postfwd.org/
[2] http://mxtoolbox.com/
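
As a complement to the rate limits suggested above, the following added example (not part of any post in this thread, and not postfwd's own code) audits a Postfix mail log after the fact and reports which SASL users exceeded an hourly or daily message count. It assumes the usual smtpd log line that carries `sasl_username=` once per accepted message; the function names, the `year` parameter (syslog timestamps carry no year) and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# smtpd logs one line of this shape per message accepted from an
# authenticated client: "<queue id>: client=..., sasl_method=..., sasl_username=..."
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/\S*smtpd\[\d+\]: "
    r"[0-9A-Za-z]+: client=\S+, .*sasl_username=(?P<user>[^,\s]+)"
)

def sasl_events(lines, year):
    """Yield (datetime, sasl_username) for each authenticated submission line."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"]

def over_limit(lines, per_hour=50, per_day=100, year=2013):
    """Return sorted (user, window, count, limit) tuples for every clock-hour
    or calendar-day bucket in which a SASL user exceeded the limit."""
    hourly, daily = Counter(), Counter()
    for ts, user in sasl_events(lines, year):
        hourly[user, ts.strftime("%Y-%m-%d %H:00")] += 1
        daily[user, ts.strftime("%Y-%m-%d")] += 1
    hits = [(u, w, n, per_hour) for (u, w), n in hourly.items() if n > per_hour]
    hits += [(u, w, n, per_day) for (u, w), n in daily.items() if n > per_day]
    return sorted(hits)

# Constructed sample log (hypothetical hosts, users and queue IDs).
SAMPLE_LOG = [
    "Aug 11 10:00:01 mail postfix/smtpd[2101]: 3F1A2C0011: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=alice@example.com",
    "Aug 11 10:01:10 mail postfix/smtpd[2102]: 3F1A2C0012: client=unknown[203.0.113.9], sasl_method=PLAIN, sasl_username=bob@example.com",
    "Aug 11 10:01:12 mail postfix/smtpd[2102]: 3F1A2C0013: client=unknown[203.0.113.9], sasl_method=PLAIN, sasl_username=bob@example.com",
    "Aug 11 10:01:15 mail postfix/smtpd[2102]: 3F1A2C0014: client=unknown[203.0.113.9], sasl_method=PLAIN, sasl_username=bob@example.com",
    "Aug 11 10:01:19 mail postfix/submission/smtpd[2103]: 3F1A2C0015: client=unknown[203.0.113.9], sasl_method=PLAIN, sasl_username=bob@example.com",
    "Aug 11 10:20:44 mail postfix/smtpd[2104]: 4B1D2C0020: client=mx.example.net[198.51.100.7]",
    "Aug 11 10:45:30 mail postfix/smtpd[2105]: 3F1A2C0016: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=alice@example.com",
    "Aug 11 11:02:00 mail postfix/smtpd[2106]: 3F1A2C0017: client=unknown[203.0.113.9], sasl_method=PLAIN, sasl_username=bob@example.com",
    "Aug 11 11:02:03 mail postfix/smtpd[2106]: 3F1A2C0018: client=unknown[203.0.113.9], sasl_method=PLAIN, sasl_username=bob@example.com",
]

if __name__ == "__main__":
    # Low limits so the small sample triggers; the thread's values are 50/hour, 100/day.
    for hit in over_limit(SAMPLE_LOG, per_hour=3, per_day=5):
        print(hit)
```

The buckets here are fixed clock hours and calendar days, so the counts are an audit aid and will not match postfwd's own rate counters exactly.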

