Hello, one of my server was infected by a malware some days ago, and using php_mail the Trojan send thousands of mails from my mail-in-a-box server. Now services such gmail, outlook, icloud are blocking my domains emails, based in my IP.
I’ve attached a picture of my Munin monitoring:
As you can see, this is not a normal behavior of the server. My question is:
How can i prevent large postfix queues? Do I have any other solution?
I don’t use my server for newsletter campaigns orother services that need long email queues, so I want to configure more secure sender rate limit to prevent this.
I’d recommend wiping the server and rebuilding it from scratch if it was indeed the server and not a user that was infected.
After that, I would make sure you use passwords that are at least 16-20 characters in length. For SSH I HIGHLY recommend using Private/Public Key Authentication. Try to enforce users to do that same (not for SSH since users shouldn’t have access to SSH).
The problem wasn’t in “mail server”. The infected server was a data server serving multiple webs. The Trojan uses this servers mailing system to make the mail queues. The infected server is clean now and rebuilded, but if a website becomes infected again, i want to limit send rate.
MIAB doesn’t support rate limiting, however MIAB uses postfix.
initial_destination_concurrency = 1
default_destination_concurrency_limit = 1
default_destination_rate_delay = 120
default_destination_recipient_limit = 2
default_process_limit = 1
Delays every senders emails for 2 minutes.
https://wiki.deimos.fr/Postfix:_limit_outgoing_mail_throttling also has some good information and examples.
Oh good idea. This sounds like a very good safety precaution to have enabled by default. Thanks.
Just remember - the configuration changes you make may break MIAB updates or be overwritten.