In recent months a lot of email accounts
worldwide have been broken into and used to send spam. This is done
using thousands of automated robots probing for accounts with 'obvious'
passwords, and no doubt also using phishing techniques to trick
users into giving out details. The spammer then starts sending email from your
server and it will get blacklisted (this is usually when people notice the
If this hasn't happened to your server yet, you can be
sure it will happen in the near future. Here are some settings you
should at least consider and/or adjust to limit the damage when this
Some of these settings may confuse or annoy your real
users, so set as appropriate for your situation!
# Find any local accounts with really really obvious
# Login guesses per IP before it is automatically and
permanently locked out. Use tellmail unlock ip.address to fix...
# this won't stop them as they use so many robots to
guess from, but it might
# slow them down or stop simple attacks.
# If a hacker attempts to log in to one of these then the
IP is instantly locked out. (Don't use accounts that really exist)
# Only allow SMTP logins if the user has previously
logged in via IMAP/POP from the same address
# Max messages an authenticated user can send per 30
minutes, e.g. 5000
# Max outgoing messages per IP address/return path pair per
30 minutes, e.g. 5000
# Detect local users sending 'spam like' email and send
a report to the manager.
# White list for people you know send mail that looks a
bit dodgy. :-)
# Send the manager an email if a local user sends more than
300 messages in a day...
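
The three login rules listed above (guess limit per IP, decoy accounts, SMTP only after IMAP/POP from the same address) modelled as an added Python example. This is not the mail server's own code; the class name, the threshold of 3, the decoy account name and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class LoginGuard:
    max_guesses: int = 3                  # assumed threshold, the page gives none
    decoys: frozenset = frozenset()       # decoy accounts that must not really exist
    failures: dict = field(default_factory=dict)   # ip -> failed guesses so far
    locked: set = field(default_factory=set)       # locked-out IPs
    seen: set = field(default_factory=set)         # (user, ip) with a good IMAP/POP login

    def attempt(self, proto, user, ip, password_ok):
        """Return 'ok', 'denied' or 'locked' for one login attempt."""
        if ip in self.locked:
            return "locked"
        if user in self.decoys:           # decoy account touched: lock out instantly
            self.locked.add(ip)
            return "locked"
        if not password_ok:
            n = self.failures[ip] = self.failures.get(ip, 0) + 1
            if n >= self.max_guesses:     # guess limit reached: lock out the IP
                self.locked.add(ip)
                return "locked"
            return "denied"
        if proto in ("imap", "pop"):
            self.seen.add((user, ip))     # remember for later SMTP logins
            return "ok"
        # SMTP: allowed only after an IMAP/POP login from the same address
        return "ok" if (user, ip) in self.seen else "denied"

    def unlock(self, ip):
        """Manual unlock by the administrator; also clears the guess counter."""
        self.locked.discard(ip)
        self.failures.pop(ip, None)

# Constructed sample events: (protocol, user, ip, password_ok)
EVENTS = [
    ("smtp", "alice", "198.51.100.7", True),   # stolen password, no prior IMAP/POP
    ("imap", "alice", "198.51.100.7", True),
    ("smtp", "alice", "198.51.100.7", True),
    ("pop", "bob", "192.0.2.10", False),
    ("pop", "bob", "192.0.2.10", False),
    ("pop", "bob", "192.0.2.10", False),       # third bad guess
    ("pop", "bob", "192.0.2.10", True),        # right password, but IP already locked
    ("imap", "test", "192.0.2.99", False),     # decoy account
    ("imap", "alice", "192.0.2.99", True),
]

def replay(guard, events):
    """Feed events through the guard in order and collect the outcomes."""
    return [guard.attempt(*e) for e in events]
```

The first event shows why the SMTP-after-IMAP/POP rule matters: a correct password alone is not enough to send mail from an address the user has never read mail from.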