1

Topic: automatically disable spamming account

Hi community! is it any way to setup IredMail free version to block a spamming account and automatically change its password? the thing is that its the 3rd time one of my accounts is compromised...obviously for weak password (thats anooother story..would thank also any posibility to force password strength mandatory ) and well..other stuff...Please dont want to be continuosly running mailq command for noticing spammer attack.

Tom

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: automatically disable spamming account

Hi guys...no answer in a month...is this site still alive?
thanks

3 (edited by Cthulhu 2020-03-03 04:58:20)

Re: automatically disable spamming account

If you create a request, u are asked to fill in required informations.

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

You just ignored everything, maybe if you provide some more information, then maybe someone is willing to help you

If you dont use iredadmin, its up to you to ensure strong password generation.

You have the possibility to throttle outbound messages, or to block outgoing spam mails, or even combine both.

But 3rd time a compromised account doenst seem to be a good configuration at all.

Was the spam sent trough an authenticated account, or via sendmail? forged senders?

which kind of spam got sent?

4

Re: automatically disable spamming account

iRedAPD (postfix policy server) supports sending report to admin (root user by default) when someone exceeded the throttle, but not disable the account. Is it enough for you?