I'm so tired of our mail server IPs being blacklisted -- What are "best practices" for preventing outgoing spam?
It seems like every other day our mail server IP (in /etc/mailips) is getting blacklisted and then we have to change it to another IP... which then gets blacklisted... and then we change it... which is blacklisted... etc...
It's VERY frustrating, because we often can't find what customer is causing the problem. Or multiple customers. We regularly find hacked scripts and compromised email accounts, and we know how to search the logs to find them and then suspend them... but then it's too late, and the IP is already blacklisted again.
What are the "best practices" for this situation? What do you other hosting providers do?
Do you enable the Exim Configuration setting of "Scan outgoing messages for spam and reject based on the Apache SpamAssassin™ internal spam_score setting"? But does this inform the customer or admin of the rejection? Or is it only at SMTP time, so there is no notification to the customer or admin and that causes them to get upset because "my email is missing!!" since it's sent but never received?
Is there another setting or service that you recommend?
Thanks!
-
This is a VERY WRONG practice to keep changing Exim's outgoing IP address rather than finding out the source of spam. You should start by limiting the number of email messages which can be sent per hour per domain in WHM Tweak Settings under the Mail option, as well as setting a deferred email threshold. Furthermore, you can also monitor the mail queue to see the bounce-back messages. If you have many emails stuck in the queue, you will be able to check their headers and see where they come from. 0 -
Hi @electric, That's no good. Very frustrating indeed. Have you considered using an SMTP gateway such as SMTP2GO? In terms of keeping your server clean of malware, I'd highly recommend using Imunify360 and setting up regular scans. Additionally, limit the amount of email each account / domain can send to a conservative limit, like @andrew.n suggested. 0 -
It's not free (but it's only $40 / server), but you may also want to consider ConfigServer's OSM (Outgoing Spam Monitor (osm)). You can set up rules that if over "x" emails are sent from an IP/account/same subject etc. to hold them in the queue, delete them etc. We have found this to be very effective to stop spamming. It took a bit of tweaking/tuning (customers that send newsletters etc.) but once we get it set for a server it pretty much just works. We get notified when an account exceeds our thresholds and then we can review the emails. If they are OK we remove the hold and release them. If they are spam we delete them and then handle the issue with the customer. 0
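
An added example (not code posted by anyone in this thread, and not how ConfigServer's osm works internally): the per-account hourly volume check the replies describe, applied to Exim main-log arrival lines so the offending login or local user is named before the IP is listed. The log lines and the threshold are constructed, and it assumes the log records `A=`/`U=` identities, `T=` subjects and `for` recipients (Exim's `subject` and `received_recipients` log selectors).

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Exim main-log style (not taken from the thread).
SAMPLE_LOG = '''\
2024-05-01 10:00:05 1sAAAA-000001-01 <= news@shop.example H=(pc) [192.0.2.10]:50100 P=esmtpsa A=dovecot_login:news@shop.example S=2310 T="May newsletter" for a@dest.example
2024-05-01 10:01:10 1sAAAA-000002-02 <= bob@blog.example U=bloguser P=local S=900 T="Cheap pills" for x1@dest.example x2@dest.example x3@dest.example
2024-05-01 10:01:40 1sAAAA-000003-03 <= bob@blog.example U=bloguser P=local S=905 T="Cheap pills" for x4@dest.example x5@dest.example
2024-05-01 10:02:00 1sAAAA-000004-04 <= <> R=1sAAAA-000002-02 U=mailnull P=local S=3100 T="Mail delivery failed: returning message to sender" for bob@blog.example
2024-05-01 10:03:00 1sAAAA-000002-02 => x1@dest.example R=dkim_lookuphost T=dkim_remote_smtp H=mx.dest.example [198.51.100.7]
2024-05-01 11:00:30 1sAAAA-000005-05 <= bob@blog.example U=bloguser P=local S=880 T="Hello" for y@dest.example
'''

ARRIVAL = re.compile(r'^(\d{4}-\d\d-\d\d \d\d):\d\d:\d\d \S+ <= (\S+) (.*)$')
AUTH = re.compile(r'\bA=[\w-]+:(\S+)')      # authenticated SMTP login
LOCAL = re.compile(r'\bU=(\S+) P=local\b')  # local submission (script or cron)
SUBJECT = re.compile(r'\bT="((?:[^"\\]|\\.)*)"')

def senders_over_limit(log_text, max_per_hour):
    """Return {(identity, 'YYYY-MM-DD HH'): (recipients, top_subject)} above the limit."""
    counts = Counter()
    subjects = defaultdict(Counter)
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m or m.group(2) == '<>':   # skip delivery lines and bounces
            continue
        hour, sender, rest = m.groups()
        auth, local = AUTH.search(rest), LOCAL.search(rest)
        if auth:
            identity = 'login:' + auth.group(1)
        elif local:
            identity = 'local:' + local.group(1)
        else:
            identity = 'unauth:' + sender
        subj = SUBJECT.search(rest)
        # Drop the subject first so a " for " inside it is not read as recipients.
        rcpts = re.search(r' for (.+)$', SUBJECT.sub('', rest))
        n = len(rcpts.group(1).split()) if rcpts else 1
        counts[identity, hour] += n
        subjects[identity, hour][subj.group(1) if subj else ''] += n
    return {k: (n, subjects[k].most_common(1)[0][0])
            for k, n in counts.items() if n > max_per_hour}

if __name__ == '__main__':
    for (who, hour), (n, subj) in senders_over_limit(SAMPLE_LOG, 3).items():
        print(f'{hour}:00 {who} sent to {n} recipients, top subject {subj!r}')
```

Counting recipients rather than messages catches a single message addressed to many recipients, and skipping `<>` senders keeps bounce traffic from being attributed to a customer.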