Relay Tracking CSF v.10.09
Posted: 29 May 2017, 09:57
Hi everybody,
In the last couple of weeks to a month we have experienced mass e-mail sent from our users that had hacked SMTPs, but we didn't get any notifications about them sending a big amount of e-mails. We suspect that this might be because hackers are being smarter and sending not from one IP but from multiple IPs, and there is no reaction from the system to send a notification to us about it.
We do realize, and this part works fine, that when e-mails are sent from one IP and more than 50 (the limit we set) are sent, we get the notification; it's great. That is not the case when a hacker sends over multiple IPs but a small amount of e-mail messages. For example, e-mails are sent from 150 different IPs, but he only sends around 10, maybe 15, e-mails per IP and the system doesn't seem to respond to it. We see that the "user" has sent over 1500-2000 emails in 20 minutes, but we never get the notification for it, unless we check it under Mail Delivery Reports in WHM.
Is there any possibility to set up something for our problem in the configuration so the system sends us a notification whether it is from one IP, like now, or multiple IPs, so it will monitor @domainname.com, or maybe some custom rule would help here?
Thanks in advance
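
Added example, not part of the original post and not CSF code: a sketch of the per-account check the question asks for, counting authenticated submissions per sender in a sliding 20-minute window regardless of source IP. It assumes Exim main-log arrival lines in chronological order with an `A=driver:id` field; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Assumed Exim main-log arrival line ("<=") carrying an authenticated id (A=driver:id).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ <= \S+ .*?"
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\](?::\d+)? .*?\bA=\w+:(?P<user>\S+)"
)

def find_relay_abuse(lines, limit=50, window=timedelta(minutes=20)):
    """Map each account that exceeds `limit` authenticated messages inside any
    sliding `window` to (messages, distinct_ips, max_per_ip) at its peak."""
    recent = defaultdict(deque)  # account -> (timestamp, ip) pairs still in window
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # deliveries, rejects, unauthenticated arrivals
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["user"]]
        q.append((ts, m["ip"]))
        while ts - q[0][0] > window:
            q.popleft()
        if len(q) > limit and len(q) > alerts.get(m["user"], (0,))[0]:
            per_ip = Counter(ip for _, ip in q)
            alerts[m["user"]] = (len(q), len(per_ip), max(per_ip.values()))
    return alerts

def sample_log():
    """Constructed log: one account sends 10 messages from each of 15 addresses,
    another sends 5 from a single address."""
    t0, lines = datetime(2017, 5, 29, 9, 0, 0), []
    def add(n, user, ip):
        ts = t0 + timedelta(seconds=5 * n)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} 1dFx{n:04d}-0001Ab-2B <= {user} "
                     f"H=(mail) [{ip}]:50000 P=esmtpsa A=dovecot_login:{user} S=2048")
    for n in range(150):
        add(n, "info@domainname.com", f"203.0.113.{n // 10 + 1}")
    for n in range(150, 155):
        add(n, "staff@domainname.com", "198.51.100.7")
    return lines

if __name__ == "__main__":
    for user, (total, ips, worst) in find_relay_abuse(sample_log()).items():
        print(f"{user}: {total} msgs / 20 min from {ips} IPs (max {worst} per IP)")
```

In the constructed log no single address reaches the limit of 50, so a per-IP counter stays silent while the per-account total crosses it.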