unknown users sending e-mails from our hmailserver
Posted: 2020-05-07 11:38
Hi Guys,
I really need some help on this.
We have an hmail server that we use for our OTRS ticketing system, and for our devices (routers, switches, servers, scanners, ... etc) to send notifications.
The problem I see is that there are many unknown users (no account on the server) using this mail server to send spam. I can see many e-mails daily in the queue in the form of SOMEONE@our.domain sending to random addresses.
This is of course causing the mail reputation to drop to poor, and our ticket e-mails to our clients are rejected.
I am trying to obtain the IP addresses of the offending spammers and block them from reaching the server, but this is a losing battle, as there are thousands of them.
Any suggestion on how to check if the account does actually exist in any of the domains defined in the server, and if it does not, just simply block it/prevent it from sending? Any available script for that?
We do use Auto-ban, and defined IP ranges, but offenders still seem to be able to authenticate and send mails.
I appreciate any help on that.