> We had a spamming incident that began around 2:30 am that leveraged a compromised Surgemail account. Our monitoring system caught the issue at 3:17 am, so when our help desk person started his day at 6 am he was able to identify the compromised account that the spammer was using for smtpauth. But changing the Surgemail account's password did not stop the spamming from continuing. Assuming that Surgemail maintained the initial SMTP authentication (which the Surgemail logs support), we restarted Surgemail on both nodes (surgemail stop; wait until the process disappears; surgemail start). But the spamming continued. We ended up removing the email account to halt the spamming.
> How should we have addressed this issue? Is there a command that will clear any and all existing SMTP AUTH sessions for a particular username?
Block the IP with IPTables.
Copyright © 2017 Netwin Ltd. All rights reserved.