mail server – Internetblog.org.uk https://www.internetblog.org.uk Web hosting, Domain names, Dedicated servers Fri, 29 Jan 2016 11:05:52 +0000 en-US hourly 1 https://wordpress.org/?v=4.9.5 https://www.internetblog.org.uk/files/2016/01/cropped-favico-32x32.png mail server – Internetblog.org.uk https://www.internetblog.org.uk 32 32 How Do Spammers Send Spam from My Server? https://www.internetblog.org.uk/post/1536/how-do-spammers-send-spam-from-my-server/ Thu, 15 Jul 2010 17:31:56 +0000 http://www.internetblog.org.uk/post/1536/how-do-spammers-send-spam-from-my-server/ Wall of real spam
When your server has become a haven for spammers, it is never a pleasant ordeal. Your server will probably be blacklisted, causing many of the emails you send to bounce back, and you may have serious connection problems due to the spammer using valuable system resources.

There are a couple of ways in which spammers will use a server to send their emails. The first is through an open relay in your mail server. This is something that you can easily fix in both Postfix and Sendmail. I will post more about fixing an open relay tomorrow. The second method is by signing up for a legitimate hosting account with your web hosting service, but then using the account to send spam. By the time you figure out what they have done, they are usually long gone.

The third and probably most nefarious method of sending spam from your server is through an actual attack on your server. When a hacker finds a hole in your security, they will install a bot on the server. That bot will then act as a small mail server for the hacker, all without your knowledge. You may not even notice it unless it causes some side effects. All three methods should be fixed with increased security and careful scanning of your server for possible threats.

Photo Source: Flickr

]]>
Mail Server Causing High Server Load https://www.internetblog.org.uk/post/1535/mail-server-causing-high-server-load/ Thu, 15 Jul 2010 16:26:42 +0000 http://www.internetblog.org.uk/post/1535/mail-server-causing-high-server-load/ Mail letter iconQuestion: My CPU usage on my server is very high, and it seems to be originated from my mail server. What could be the problem?

Answer: If your mail server is sucking up valuable CPU power, there are a couple of possibilities, none of which are pleasant.

1. You or users on your server are getting a lot of emails, more than usual. Although it is possible that it is just a temporary thing, it could be a deliberate attack on your server.

2. Someone is sending spam from your server, using an open relay in your SMTP settings or exploiting a user’s account.

3. Your server is receiving a ridiculous amount of spam (i.e. spam attack). This could be an intentional attack or just a particularly bad day.

Usually, if the CPU upswing is substantial, you should be really concerned about your server’s security. Take a look at the mail server logs and see where the emails are originating and where they are being sent. Take note of IP addresses, user names, and any other useful information. If you cannot figure it out, you can take the data to a security expert who can help you solve the problem.

]]>
Extra Large Log Files https://www.internetblog.org.uk/post/1530/extra-large-log-files/ Wed, 14 Jul 2010 19:13:00 +0000 http://www.internetblog.org.uk/post/1530/extra-large-log-files/ Linux syslog file
Question: One of my Linux system log files has suddenly become very large (several hundred megabytes). What should I do?

Answer: The first thing to find out is what exactly is happening in the log files. To see the latest log activity for your web server error log, for example, you would run:

tail -f /var/log/httpd/error.log

If the file is expanding, you should see errors popping up. When you are finished looking at it, press CTRL-C.

The next step is to fix whatever error you are receiving. If it is enough to fill up several megabytes or even a gigabyte of log space, it is a recurring error that should be fixed. For a web server, repeated failed connections could be some type of denial of service (DoS) attack. For a mail server, numerous open connections could mean that someone is using your server to send spam. The key is to find out exactly what the root cause is and then fix it. If you want to clear the log file, run:

> /var/log/httpd/error.og

Your logs will be back to normal size once your server is running normally again.

]]>
PHP Mail Vs. SMTP Mailing Lists https://www.internetblog.org.uk/post/1382/php-mail-vs-smtp-mailing-lists/ Tue, 01 Jun 2010 22:01:35 +0000 http://www.internetblog.org.uk/post/1382/php-mail-vs-smtp-mailing-lists/ Joomla mail settings
Whether your goal is marketing or simply communicating with your website’s online community, there comes a time when you need to send out a mass email. I am not suggesting you spam your customers or users. What I do suggest, however, is that you have some way of contacting people who were interested enough to join your site or sign up for updates.

Many content management systems, such as Joomla, have mass email features built-in that allow you to easily send mail to your users. Usually, they will present you with two options: PHP Mail or SMTP. PHP Mail essentially calls a particular PHP function that will contact your mail server (such as Sendmail or Postfix) to send the email. SMTP functions just like a regular email client and will login to an email account.

From personal observation and the advice of people who have tried it, unless you have some pressing reason to avoid SMTP, you should prefer it over PHP Mail. Although you may not notice the difference for small mailing lists, something larger can bog down your server when using PHP Mail. It works fine for occasional contact forms, but for mass emailing, you should just go directly to the source: your mail server.

]]>
When You Are Accused of Spamming… https://www.internetblog.org.uk/post/1324/when-you-are-accused-of-spamming/ Mon, 17 May 2010 18:36:41 +0000 http://www.internetblog.org.uk/post/1324/when-you-are-accused-of-spamming/ No SPAM
Question: My web host has accused me of being a spammer and has suspended my account. How do I prove I am not a spammer?

Answer: Usually, you will only be accused of spamming in one of three situations: (1) you actually are a spammer, (2) your account is hosted on an unsecured mail server, or (3) You have a dedicated server or VPS, and you have left your mail server unsecured.

In the case of the first situation, I cannot help you. If you are in situation number 2, then you are truly one of the victims, and whoever is running the server needs to fix the problem. Usually this will happen if the server admin is someone different than the web host. Contact the web host and let them know that you are not in charge of the server but have been blacklisted.

In the third situation, you need to find the security hole in your server and fix it. You could have an open relay in your SMTP system. Another possibility is that a user account has been comprised. And the third unfortunate possibility is that one of your users may knowingly be a spammer. In any case, get the problem fixed first and then tell your web host. You should then automatically start dropping off of DNS blacklists, and everything will go back to normal.

Image: Wikimedia Commons

]]>
Catchall Email Addresses https://www.internetblog.org.uk/post/1293/catchall-email-addresses/ Mon, 10 May 2010 19:16:03 +0000 http://www.internetblog.org.uk/post/1292/catchall-email-addresses/ Spam in Gmail
In the world of web hosting, email addresses can either be real or aliases. A real email address is connected to a mailbox on the mail server. That mailbox will hold any messages sent to the address in queue, awaiting the user to either download it or access it from the Web. An alias is an email address that only holds the appearance of a real account. In reality, any messages sent to it will actually be forwarded elsewhere.

Some websites, particularly those owned by organizations or companies, may use a catchall feature on their mail server. Rather than create an email address for several departments, they may create five and have all other inquiries forwarded to a single address. For example, billing@domain.tld, finance@domain.tld, and stocks@domain.tld may all be handled by the same department. Rather than have an alias for each, the catchall for that domain could point to billing. This can also be useful for catching typos.

There are drawbacks to catchall email settings. Since any email address that does not have a valid mailbox will be accepted and forwarded to the specified account, your account might receive more spam. Some spam bots will seek out keywords like “admin” and “support” and automatically send spam to accounts on your domain with those prefixes. Individual website owners and small organizations will probably not see the benefits of catching extra spam.

Photo Source: Flickr

]]>
MailScanner: Anti-Virus and Anti-Spam Filter https://www.internetblog.org.uk/post/1277/mailscanner-anti-virus-and-anti-spam-filter/ Tue, 04 May 2010 21:27:39 +0000 http://www.internetblog.org.uk/post/1276/mailscanner-anti-virus-and-anti-spam-filter/ Email iconAs the name implies, MailScanner scans incoming mail sent to users on a server and flags them, and handles them according to the server administrators configurations. It is one of the most popular virus/spam filters It is written in Perl and links with other packages in order to accomplish its specified goals

For mail transport, MailScanner requires a mail server such as Sendmail or Postfix. For Anti-Virus, it relies on ClamAV or one of the many other supported solutions, and for Spam, it uses SpamAssassin. It creates a centralized control mechanism for all of these applications and acts as a mail sorter, filtering out the junk.

MailScanner is available for most major Linux distributions and several Unix-like operating systems, such as Solaris and BSD. The website provides binaries for Red Hat, CentOS, Fedora, Debian, and SuSE, and nearly all distributions provide packages in their repositories. MailScanner is free and open source software, released under the GPL.

Image Source: Wikimedia Commons

]]>
How to change the Postfix port number https://www.internetblog.org.uk/post/1164/how-to-change-the-postfix-port-number/ Fri, 02 Apr 2010 20:33:10 +0000 http://www.internetblog.org.uk/post/1164/how-to-change-the-postfix-port-number/ Postfix logoBy default, Postfix, Sendmail, and other SMTP mail servers rely on port 25 to send email. Normally, this is fine and works for most situations. Some Internet Service Providers, however, disagree. They see port 25 as a prime port for spammer exploitation, and many have started to block it.

If this is the case for you and you have root access on your VPS or dedicated server, you might consider changing your SMTP port to something you know you will be able to access. To change the port in Postfix, edit your /etc/postfix/master.cf file as root, commenting out the following line:

smtp innet n - n - - smtpd

Then, add the this line:

2900 inet n - n - - smtpd

Replace “2900” with whatever port you prefer for your mail server. Next, restart Postfix:

service postfix restart

Finally, assuming you have a firewall installed, which any security-minded server administrator should, you will need to tell it to allow traffic through the new mail server port.

]]>
How do I enable SSL/TLS in Dovecot mail server? https://www.internetblog.org.uk/post/1161/how-do-i-enable-ssltls-in-dovecot-mail-server/ Thu, 01 Apr 2010 22:34:21 +0000 http://www.internetblog.org.uk/post/1161/how-do-i-enable-ssltls-in-dovecot-mail-server/ Dovecot logoDovecot is a popular POP3/IMAP server for Unix-like operating systems. It is available through most distributions, including RHEL, CentOS, and Fedora. To enable secure mail transactions, you will need to edit your /etc/dovecot.conf file as root.

Uncomment the following lines:

# Disable SSL/TLS support?
ssl_disable = no

# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf

ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem

You can also optionally disable non-secure logins:

disable_plaintext_auth = yes

Finally, you need to restart dovecot:

service dovecot restart

]]>
How to handle known spammers https://www.internetblog.org.uk/post/1157/how-to-handle-known-spammers/ Wed, 31 Mar 2010 21:59:18 +0000 http://www.internetblog.org.uk/post/1157/how-to-handle-known-spammers/ Cans of SPAM
When you are faced with relentless spamming, it is a good idea to use tools that go beyond simple filtering. One way to stop SPAM is to develop some type of proxy that stops known spammers before the messages reach the mail server. Another is to rely on DNS black lists that are periodically updated.

Whatever method you choose, it is important to contribute tot he fight against SPAM by reporting known spammers. The first place to report to is the spammers web hosting provider. The provider is most likely unaware of the spammer’s actions and will suspend their accounts once you tell them.

The second method to try is to contact their Internet service provider. Just as it is a violation of the terms of service for most web hosts, most ISPs will not tolerate SPAM either. Finally, you can contribute to global blacklists by reporting the spammer to SPAM prevention websites. This will ensure that offenders cannot get away with SPAM even if their providers allow it.

Photo Source: Flickr

]]>