On the TurboMail mail server, how does one Prevent email theft and Spam!

On the TurboMail mail server, how does one Prevent email theft and Spam!
Users cannot send or receive emails, network bandwidth is congested, and Server IP addresses are blacklisted. When this happens in the system, note that your email server system may be hijacked by the spam sender to send mass spam.

1) Cause Analysis

Accounts are stolen and spam is mainly caused by the following:

① The account password setting is too simple. Many mail users set a simple account password due to negligence. This password is easily cracked by dictionary-based cracking technology.

② If you use mail clients such as Outlook and foxmail to send and receive emails, if your client does not have anti-virus software installed, once your operating system has a trojan virus that steals your email account, the email account password is easily stolen.

③ If a user uses an account and a common password to register an account on another website, disclosure of information on these websites may result in leakage of the email account password.

The above situations are common account and password leaks. However, once the account and password leaks, the normal operation of the entire email server is not only affected by an account.

2) how to prevent

No matter how advanced anti-theft code technology is used in the system, the most important thing is to strengthen the security awareness of users and fundamentally eliminate this phenomenon, such as using a complex password, do not use a number including the user name or anniversary as the password, and change the mailbox password on a regular basis.

The TurboMail email server has made many preventive measures and settings on the anti-theft number to prevent spammers from attacking the source.

① Prevent SMTP account theft

When a user's email address is used to send spam, the user's email address will always frequently send similar-sized spam emails based on a certain frequency of time. Based on the characteristics of spam sending, The TurboMail mail server will automatically scan the user's email status, when it is detected that a user may frequently send spam, the account can be automatically locked to block the sending of Spam in a timely manner to ensure the normal sending and receiving of emails from other users.

System settings

System Administrator postmaster logon backend management → system settings → SMTP Service

The system administrator can determine whether the user account has been used to send spam by checking the frequency and size of mails sent by users on a regular basis based on the actual situation of the enterprise. Once the user is determined to have been used to send a large number of spam mails, the user account will be locked. The user must apply to the Administrator for unlocking and changing the email password.

② Use anti-spam engine for external mail

The TurboMail mail server's anti-spam engine is used to determine whether emails sent by system users are spams. If it is determined to be spam, you can send an "outgoing spam prompt" to the user through the mail system to promptly remind the user of the usage of the mailbox. In addition, if the number of outgoing spam mails reaches a certain level, the user's email account will be automatically locked to avoid further spam.

System settings

System Administrator postmaster logon backend management → anti-spam/anti-virus → anti-spam engine settings

Lock example

Postmaster as the Mail System Administrator logs on to the background management → System Monitoring → list of accounts for sending spam emails due to SMTP account theft

Once a user's email account is locked, the user cannot use the account to send emails on the mail client, such as outlook or foxmail. At this time, the mail client will prompt:

The system administrator can set the "Number of outgoing Spam Emails locked" and the content of outgoing spam reminders based on the actual situation. After the user is locked, apply to the Administrator for unlocking and changing the email password.

3) how to solve the problem

If the preventive action fails, the internal email server has been intruded by the spam sender and a large number of spam mails are forwarded. At this time, the system administrator can take some actions to solve the problem.

The enterprise mail server is used to send spam, generally because of two situations:

The password of the mailbox user is stolen, and the spam sender uses the stolen account to send spam;

The email system has set the allow transfer function.

To address these two situations, the system administrator must first determine which one is and then take the right medicine.

1. If your email account password is stolen, log on to the TurboMail Mail Server background management to view the server Queue.

Log on to the background → System Monitoring → view server queues

Check the server Queue. If the queue is abnormal, for example, thousands or even tens of thousands of emails are arranged in the queue, and most emails are sent from the same account, it is certain that the password of this account has been stolen and used. There are only dozens of normal server queues and a maximum of hundreds of emails.

Solution: Find the stolen account name, modify the account password, and try to increase the complexity of the password, prevent the password from being cracked again, and delete all emails of the account in the server Queue, you can solve the problem.

2. allow transfer: the system administrator checks the server Queue and finds that there are a large number of emails in the queue, not from the same account, that is, being used to send spam through the transfer.

Log on to the background → system settings → SMTP Service

Solution: deselect the "allow Email Transfer" check box, delete all emails in the server Queue, and prohibit spam senders from forwarding spam emails on the mail server.

To prevent spam from being used by the mail server account, enterprises should first strengthen user security awareness and focus on password security and SMTP account theft prevention, free spam senders from holes