Thread: Max messages

  1. #1
    Userx, New Member

    I have a significant problem with users giving out access to their webmail account unsuspectingly. We have had a few Phish messages arrive with a link. The link delivers a page that looks exactly like my webmail login page. When my users visit the link and log in, they have given their login credentials to a SPAM source.

    The SPAM source is using the account access to relay mail from other sources. In some cases the compromised accounts have been logged into and set up to send mail.

    I am tightening up my rules to prevent the original phish.

    The easy answer to this is to have my users change their password(s).

    I'm looking for the hard answer:
    1. Can I search all mailboxes for a message containing a string? Then if I find the string can I delete this from all mailboxes? For example, if the culprit Phish message contains "login to webmail for maintenance", I want to find that string and delete before my users "CLICK".
    2. Can I throttle how many messages are sent from accounts? Once an account is compromised we find it trying to send thousands of messages to 10-20 accounts. Is there a way to tell my MTAs to alert me when an account is trying to send to X number of accounts or X number of messages?
    3. We set up a script to look for the number of authentications to the audit.log file. This gives a quick look to find compromised accounts. Is there a better way?
    4. The accounts are set up to send mail from a different domain with a reply to the different domain. Can I block my server from sending from a different domain? i.e. the email message came from abc@xyz.com, but my domain is 123.com.


    Thanks for any assistance. Since we have to have webmail access from anywhere, it is difficult to block this from happening (users not checking carefully when logging into a site).

  2. #2
    uxbod, Moderator (UK)

    With respect to outbound email throttling that is going to be quite tricky. A couple of methods you could research would be :-

    * Implement a policy daemon that supports per user restrictions :- Policyd : HomePage
    * Implement TC and throttle SMTP traffic :- Linux advanced Routing & Traffic Control HOWTO
    * Modify the Postfix configuration in master.cf to reduce how many SMTP daemons can be started

  3. #3
    iway, Partner (VAR/HSP)

    Yes, we'd like a Zimbra-integrated throttling solution as well!

  4. #4
    fowler, Trained Alumni (Fresno)

    Mitigating the fallout of phished accounts has been a huge headache and a Zimbra-integrated throttling solution (policyd in 6.0?) would be greatly valued.

  5. #5
    uxbod, Moderator (UK)

    Please feel free to check Bugzilla for any current RFEs which may fit your idea, and vote for them, otherwise raise one for others to vote on and post the number back here.

  6. #6
    fowler, Trained Alumni (Fresno)

    This best describes the desired feature enhancement, but should be monitored at the SMTP port.

    Bug 22300 - rate limit amount of mail sent via web client

    It addresses a chronic problem admins are plagued with on holidays, nights and weekends. Another dealing with this issue:
    Help with compromised accounts

    Rate limiting is not a perfect solution, but it will help keep our MTAs from being blacklisted by Yahoo, GMail, Hotmail, etc. and limit the impact our mail queues struggle to cope with when accounts are compromised.
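
The alerting asked for in questions 2 and 4 of the first post, done on the SMTP side as post #6 suggests, can be approximated by correlating MTA log lines per authenticated login. This is an added example, not code from the thread or from Zimbra: it assumes stock Postfix syslog lines with SASL-authenticated submission, the log sample and thresholds are constructed, and `123.com` is the placeholder domain from the first post. It evaluates one log slice and applies no time window.

```python
import re
from collections import defaultdict

LOCAL_DOMAIN = "123.com"  # assumption: the server's own domain (placeholder from post #1)

# Constructed sample in stock Postfix syslog format (not taken from the thread).
SAMPLE_LOG = """\
Jul 10 02:14:01 mta postfix/smtpd[411]: A1B2C3: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=alice@123.com
Jul 10 02:14:01 mta postfix/qmgr[212]: A1B2C3: from=<abc@xyz.com>, size=2210, nrcpt=15 (queue active)
Jul 10 02:14:02 mta postfix/smtpd[411]: A1B2C4: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=alice@123.com
Jul 10 02:14:02 mta postfix/qmgr[212]: A1B2C4: from=<abc@xyz.com>, size=2198, nrcpt=15 (queue active)
Jul 10 02:14:03 mta postfix/smtpd[411]: A1B2C5: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=alice@123.com
Jul 10 02:14:03 mta postfix/qmgr[212]: A1B2C5: from=<abc@xyz.com>, size=2204, nrcpt=15 (queue active)
Jul 10 09:30:11 mta postfix/smtpd[502]: D4E5F6: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=bob@123.com
Jul 10 09:30:11 mta postfix/qmgr[212]: D4E5F6: from=<bob@123.com>, size=1520, nrcpt=2 (queue active)
Jul 10 09:45:11 mta postfix/qmgr[212]: D4E5F6: from=<bob@123.com>, size=1520, nrcpt=2 (queue active)
"""

AUTH_RE = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=.*sasl_username=(\S+)")
QUEUE_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>, size=\d+, nrcpt=(\d+)")

def find_suspect_accounts(log_text, max_msgs=2, max_rcpts=30):
    """Return {login: [reasons]} for authenticated senders over the thresholds."""
    owner, seen = {}, set()  # queue id -> login; queue ids already counted
    stats = defaultdict(lambda: {"msgs": 0, "rcpts": 0, "foreign": set()})
    for line in log_text.splitlines():
        if m := AUTH_RE.search(line):
            owner[m.group(1)] = m.group(2).lower()
        elif m := QUEUE_RE.search(line):
            qid, sender, nrcpt = m.groups()
            # qmgr logs the same line again on every retry of a deferred message
            if qid not in owner or qid in seen:
                continue
            seen.add(qid)
            s = stats[owner[qid]]
            s["msgs"] += 1
            s["rcpts"] += int(nrcpt)
            domain = sender.rpartition("@")[2].lower()
            if domain and domain != LOCAL_DOMAIN:  # envelope sender outside our domain
                s["foreign"].add(domain)
    alerts = {}
    for login, s in stats.items():
        checks = [(s["msgs"] > max_msgs, f"{s['msgs']} messages"),
                  (s["rcpts"] > max_rcpts, f"{s['rcpts']} recipients"),
                  (bool(s["foreign"]), "foreign sender domain: " + ", ".join(sorted(s["foreign"])))]
        reasons = [text for hit, text in checks if hit]
        if reasons:
            alerts[login] = reasons
    return alerts
```

Calling `find_suspect_accounts(SAMPLE_LOG)` flags only the first login in the sample; the second stays below both thresholds because its retried queue entry is counted once.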
