Better way to handle spam attacks?

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
aoverton07
New user
New user
Posts: 23
Joined: 2014-03-28 00:56

Better way to handle spam attacks?

Post by aoverton07 » 2019-10-03 20:14

I've been using hmailserver for a while now to manage email for my web application. Recently spam attacks have been getting more frequent and causing downtime. AFAIK hmailserver is handling the spam correctly, I see the failed authentication attempts in the logs and one time filled up my Delivery Queue (all were 550 rejections). How were they able to even get messages in the Delivery Queue in the first place? (I have since deleted that acct)

I have set the Max invalid login attemps to 1

Is there anything else I can do to avoid downtime in the future?

Since I am using the email server only for the web application that is on the same machine can I block all attempts from any server that isn't localhost?

User avatar
mattg
Moderator
Moderator
Posts: 20239
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Better way to handle spam attacks?

Post by mattg » 2019-10-04 01:41

Yes with your IP ranges

Also you can stop AUTH on port 25
https://www.hmailserver.com/forum/viewt ... =7&t=29814
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

aoverton07
New user
New user
Posts: 23
Joined: 2014-03-28 00:56

Re: Better way to handle spam attacks?

Post by aoverton07 » 2019-10-09 19:41

Thank you for the reply.

For the IP Ranges, should I just uncheck everything for the Internet profile (with lower priority than My Computer)?

My list of Auto-bans is growing very fast!

palinka
Senior user
Senior user
Posts: 1216
Joined: 2017-09-12 17:57

Re: Better way to handle spam attacks?

Post by palinka » 2019-10-09 19:55

Sure, if you never plan to receive mail from the outside. You didn't specifically say was the case but it appears that way from the "web application" commentin ther op. Just delete the internet ip range altogether.

If you do need to receive mail there are various other methods. Like Matt said, block auth on port 25.

Also, disable pop/imap on the internet IP range and block all mail ports EXCEPT 25 on your router. Doing all 3 of these things will completely prevent password guessers (as well as removing your ability to check mail on pop/imap client).

After that you'll only have to deal with spammers trying to send your users spam.

User avatar
mattg
Moderator
Moderator
Posts: 20239
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Better way to handle spam attacks?

Post by mattg » 2019-10-10 01:46

Remember that a higher priority is a higher number for IP ranges

A priority of 100 will have precedence over a priority of 10
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Post Reply