Abused: Full queue folder & ban IP question
  •  
Spacey

Hi,

Unfortunately one of my Kerio mail accounts has been brute-forced, hacked or whatever - lots of spam was sent via that auth'ed account. I changed the password and now no more new spam is accepted. Already hardened my SMTP sending rules a few minutes ago. Got a few questions:

1) Now I see in my security log the SMTP attempts from the bad guys -> mostly Russian or Polish IPs. Is there any chance to ban them within Kerio? So that they're not able to even try to log in? Didn't find anything...

2) My "/usr/local/kerio/mailserve/store/queue/" subfolders were full of spam - I moved the old queue directory to a safe location and created a new one so Kerio can work with a clean queue folder. Kerio itself seems to work fine.

-> Problem was & is: I wasn't able to view the queue via the web interface (it loaded the "show queue" screen forever). Is there any tool to view and handle a large queue folder? I want to view that folder and check whether there's anything important and non-spam in it.

Thanks & Regards!
  •  
camisy

Re 1: I don't think this is necessary; if you block a specific IP, spammers will simply use another one of their proxies or zombie PCs. Should your Connect be running on Linux, take a look at fail2ban if that makes you feel better.
  •  
Spacey

It's an OSX Server... OK, fail2ban would run on that one as well. Thanks for the idea!

For 2) I'll try to create a new user (since I don't want to sync/IMAP all the spam on my client), create a new folder there and put all the .eml files into it. Maybe that'll work - tomorrow...
  •  
Spacey

Just putting the .eml files into a user directory doesn't work, unfortunately.

Besides, another question:

Is there an option so that the server only allows sending emails from addresses that exist on the server?

Example: xyz<_at_>domain.com does not exist either as a username or an email alias, and so Kerio won't allow using that address as a "sent from"?
  •  
Pavel Dobry (Kerio)

Spacey wrote on Mon, 02 September 2013 10:08

> Is there an option so that the server only allows sending emails from addresses that exist on the server?
>
> Example: xyz<_at_>domain.com does not exist either as a username or an email alias, and so Kerio won't allow using that address as a "sent from"?

Yes. There is such an option in the upcoming Kerio Connect 8.2.
  •  
Spacey

Great to hear!
Guess 8.2 isn't far away when it's already in b3 state....
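
For question 2 in the thread (inspecting a large, moved-aside queue folder when the web interface cannot load it), a header-only triage script is one option. This is an added example, not part of the original thread and not a Kerio tool; it assumes the copied queue holds standard RFC 5322 .eml files, and the function names, sample messages and list of local addresses are hypothetical.

```python
import os
import tempfile
from collections import Counter
from email import policy
from email.parser import BytesHeaderParser
from email.utils import parseaddr

def read_headers(path):
    """Parse only the header block so large spam bodies are never loaded."""
    head = []
    with open(path, "rb") as fh:
        for line in fh:
            if line in (b"\n", b"\r\n"):  # first blank line ends the headers
                break
            head.append(line)
    return BytesHeaderParser(policy=policy.default).parsebytes(b"".join(head))

def triage_queue(root, local_addresses):
    """Split .eml files into (keep, suspect) by whether From is a known local address."""
    local = {a.lower() for a in local_addresses}
    keep, suspect, senders = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(".eml"):
                continue
            path = os.path.join(dirpath, name)
            msg = read_headers(path)
            sender = parseaddr(str(msg.get("From", "")))[1].lower()
            senders[sender] += 1
            row = (path, sender, str(msg.get("Subject", "")))
            (keep if sender in local else suspect).append(row)
    return keep, suspect, senders

def build_sample_queue():
    """Constructed sample data: three tiny messages in a temporary 'queue' copy."""
    root = tempfile.mkdtemp(prefix="queue-copy-")
    os.makedirs(os.path.join(root, "00"))
    samples = {
        "00/a.eml": b"From: Alice <alice@example.com>\r\nSubject: Invoice\r\n\r\nhi\r\n",
        "00/b.eml": b"From: xyz@example.com\r\nSubject: WIN NOW\r\n\r\nspam\r\n",
        "c.eml": b"From: \"Promo\" <xyz@example.com>\r\nSubject: WIN NOW\r\n\r\nspam\r\n",
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    keep, suspect, senders = triage_queue(build_sample_queue(), ["alice@example.com"])
    print("top senders:", senders.most_common(5))
    for path, sender, subject in keep:
        print("review:", path, sender, subject)
```

Run it against the quarantined copy of the queue, never the live one. The From header is set by the sending client, so the "keep" list is a shortlist for manual review, not proof that a message is legitimate.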