In recent months a lot of email accounts worldwide have been broken into and used to send spam. This is done using thousands of automated robots probing for accounts with 'obvious' passwords, and no doubt also using phishing techniques to trick users into giving out details. The spammer then starts sending email from your server and it will get blacklisted (this is usually when people notice the problem!)

If this hasn't happened to your server yet, you can be sure it will happen in the near future. Here are some settings you should at least consider and/or adjust to limit the damage when this occurs.

Some of these settings may confuse or annoy your real users, so set as appropriate for your situation!
ChrisP.
# Find any local accounts with really really obvious passwords!
tellmail test_weak
# Login guesses per IP before it is automatically and permanently locked out. Use tellmail unlock ip.address to fix...
G_HACKER_MAX "10"
# This won't stop them, as they use so many robots to guess from, but it might
# slow them down or stop simple attacks.
# If a hacker attempts to log in to one of these, the IP is instantly locked out. (Don't use accounts that really exist.)
G_HACKER_POISON HIDDEN@,administrator@*"
# Only allow SMTP logins if the user has previously logged in via IMAP/POP from the same address
G_SAFE_SMTP "true"
# Max messages an authenticated user can send per 30 minutes, e.g. 5000
G_SPAM_USER_MAX "2000"
# Max outgoing messages per IP address/return path pair per 30 minutes, e.g. 5000
G_SPAM_FROM_MAX "2000"
# Detect local users sending 'spam like' email and send a report to the manager.
G_OUTGOING_N "5"
# White list for people you know send mail that looks a bit dodgy. :-)
G_OUTGOING_WHITE HIDDEN@re.com,1.2.3.4"
# Send the manager an email if a local user sends more than 300 messages in a day...
G_USER_SEND_WARNING "300"
g_user_send_ip "300"
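
The lockout rules above (G_HACKER_MAX and G_HACKER_POISON), as an added Python example that is not the mail server's own code: it applies the per-IP guess limit and the poison-account rule to constructed login events, and also counts distinct failing IPs per account, which surfaces the many-robot guessing that a per-IP limit alone does not lock out. The event tuples, the alert threshold of 5 distinct IPs and locking at the 10th failed guess are assumptions.

```python
from collections import defaultdict

HACKER_MAX = 10                   # same value as G_HACKER_MAX "10"
POISON_LOCAL = {"administrator"}  # from the administrator@* pattern: any domain
DISTINCT_IP_ALERT = 5             # assumed threshold, not a setting from this page

def evaluate(events):
    """events: (ip, account, success) tuples in time order.
    Returns (locked_ips, accounts with failures from many distinct IPs)."""
    fails_by_ip = defaultdict(int)
    ips_by_account = defaultdict(set)
    locked = {}
    for ip, account, success in events:
        if ip in locked:
            continue                      # stays locked until manually unlocked
        account = account.lower()
        if account.split("@", 1)[0] in POISON_LOCAL:
            locked[ip] = "poison"         # one touch of a decoy account is enough
            continue
        if success:
            continue
        fails_by_ip[ip] += 1
        ips_by_account[account].add(ip)
        if fails_by_ip[ip] >= HACKER_MAX:  # assumption: lock at the 10th failure
            locked[ip] = "max_guesses"
    spread = {a: len(ips) for a, ips in ips_by_account.items()
              if len(ips) >= DISTINCT_IP_ALERT}
    return locked, spread

# Constructed sample events (documentation address ranges, invented accounts).
SAMPLE = (
    # one IP hammering a single account: locked at the 10th failure
    [("198.51.100.7", "alice@example.com", False)] * 12
    # one IP touching a decoy account: locked immediately
    + [("203.0.113.9", "administrator@example.com", False)]
    # eight IPs, two guesses each: no IP reaches the limit
    + [(f"192.0.2.{n}", "bob@example.com", False)
       for n in range(1, 9) for _ in range(2)]
    # a real user mistyping once, then logging in
    + [("192.0.2.50", "carol@example.com", False),
       ("192.0.2.50", "carol@example.com", True)]
)

if __name__ == "__main__":
    locked, spread = evaluate(SAMPLE)
    print("locked IPs:", locked)
    print("accounts guessed from many IPs:", spread)
```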