patrick0001 — 2013-05-16T06:25:59-04:00 — #1
We own a dedicate server (Apache) and provide share hosting to 50 client. Each time when one of the client PC attack by virus, the particular PC will automatically send out spam email and causing the mail server IP block by ISP.
How can we avoid this problem? Any server module to monitor spam, e.g. auto block number of email send out in short duration, or delay email send out for the particular client.
vincewicks — 2013-05-20T07:52:10-04:00 — #2
Please provide some more info like mail server configured using postfix or qmail or something else?
Have installed the package spamassassin etc?
patrick0001 — 2013-05-21T05:31:20-04:00 — #3
I need to double check with the server guy, because we never direct handle server. By the way, what is the usual step to fight spam?
gate2vn — 2013-05-30T03:25:39-04:00 — #4
If you have a hosting control panel, it might have limitation feature, that you only allow each user can send out xx messages per hour, per day. DirectAdmin has that, for example.
Using an outgoing-spam filter is much more better, but usually it costs more. We are currently using SpamExperts and it does good job.
@vincewicks: Patrick is having trouble with outgoing spam messages from his server, not incoming spam messages to his emails.
dklynn — 2013-06-01T19:16:24-04:00 — #5
gate2 has the approach to throttle the spam but requiring user login to send e-mail should stop the spam at the front door.
UNLESS the client has been hacked (by not keeping his/her CMS up to date thereby allowing "script kiddies" to hack the account and send SPAM as the server). In that case BAN the client until he/she updates his/her CMS OR reinstalls. Failure to keep clients like this in line will bring your hosting service down.
dklynn — 2013-06-02T18:34:28-04:00 — #6
Sorry, I forgot to mention "maldet" scans which will find (and destroy/quarantine) malware but I've found that it needs to be installed by the host (apparently, it's very powerful so the host was reluctant to allow clients to do the install and setup the CRON to run it (on a daily basis). However, if you have a good host, they will do that for you and you'll have malware on your server identified in time to stem the tidal flow of SPAM.
On an account-by-account basis, I also run a CRON script (PHP) which takes hashes of my ("infectable") files and stores them in a database. This script will then e-mail me on a daily basis that no files were changed or the list of files added, altered or deleted. I wrote an article for SitePoint with the code (but download the zip file for the latest code and article updates) and check in the Web Security board for more on similar topics.