Lots o' spam
-
Good evening,
We've seen a unhealthy increase in spam lately. I'm wondering if I have a hole in my linux servers. I have changed all the passwords, closed all the unused ports, and installed fail2ban. Is there anything else I can check to see what's going on?
-
None of those things would be expected to influence spam. Spam doesn't come through hacked accounts, open ports, etc. It doesn't attempt to authenticate, so fail2ban would never influence it even if configured for SMTP. One port, 25, is always open and all spam comes in unathenticated right through there.
Spam increases based on three key factors....
- Overall load of spam being sent out.
- Reduction in effectiveness of spam filter.
- More exposure caused by domain or addresses being scraped or collected in some fashion.
-
Of those you only influence #2. Other that tweaking your spam filtering, nothing you do will change the amount of spam.
-
What/who is doing your spam filtering?
Time to tighten your settings or send a truck load of false negatives to your provider. -
@nadnerB said in Lots o' spam:
What/who is doing your spam filtering?
Time to tighten your settings or send a truck load of false negatives to your provider.Or get a new provider. We do our own and while we get some, it really isn't bad at all.
-
@scottalanmiller definitely something that should remain an option at all times.
How many chances do you give your spam filter SaaS mob? Up to you but draw a line in the sand and stick to it.
-
@nadnerB said in Lots o' spam:
What/who is doing your spam filtering?
Time to tighten your settings or send a truck load of false negatives to your provider.@scottalanmiller said in Lots o' spam:
@nadnerB said in Lots o' spam:
What/who is doing your spam filtering?
Time to tighten your settings or send a truck load of false negatives to your provider.Or get a new provider. We do our own and while we get some, it really isn't bad at all.
We have a Barracuda 300 series. I just applied a firmware update, I thought I was up to date but one just came out a couple weeks ago.
I guess I jumped to our Linux boxes because I just moved two of our servers in house.
-
@WLS-ITGuy said in Lots o' spam:
@nadnerB said in Lots o' spam:
What/who is doing your spam filtering?
Time to tighten your settings or send a truck load of false negatives to your provider.@scottalanmiller said in Lots o' spam:
@nadnerB said in Lots o' spam:
What/who is doing your spam filtering?
Time to tighten your settings or send a truck load of false negatives to your provider.Or get a new provider. We do our own and while we get some, it really isn't bad at all.
We have a Barracuda 300 series. I just applied a firmware update, I thought I was up to date but one just came out a couple weeks ago.
I guess I jumped to our Linux boxes because I just moved two of our servers in house.
Your email is hosted on Linux servers in house? What email server are you using? And is your inbound port 25 limited to ONLY coming through your Barracuda?
-
@scottalanmiller said in Lots o' spam:
@WLS-ITGuy said in Lots o' spam:
@nadnerB said in Lots o' spam:
What/who is doing your spam filtering?
Time to tighten your settings or send a truck load of false negatives to your provider.@scottalanmiller said in Lots o' spam:
@nadnerB said in Lots o' spam:
What/who is doing your spam filtering?
Time to tighten your settings or send a truck load of false negatives to your provider.Or get a new provider. We do our own and while we get some, it really isn't bad at all.
We have a Barracuda 300 series. I just applied a firmware update, I thought I was up to date but one just came out a couple weeks ago.
I guess I jumped to our Linux boxes because I just moved two of our servers in house.
Your email is hosted on Linux servers in house? What email server are you using? And is your inbound port 25 limited to ONLY coming through your Barracuda?
No we have Exchange 2016 on a 2012 server. I have 2 servers that are relaying to the exchange server. 90% of the traffic is from in house users so I decided to bring them in house from Linode. I thought I might have had something opened/vulnerable.
-
@scottalanmiller said in Lots o' spam:
@WLS-ITGuy said in Lots o' spam:
@nadnerB said in Lots o' spam:
What/who is doing your spam filtering?
Time to tighten your settings or send a truck load of false negatives to your provider.@scottalanmiller said in Lots o' spam:
@nadnerB said in Lots o' spam:
What/who is doing your spam filtering?
Time to tighten your settings or send a truck load of false negatives to your provider.Or get a new provider. We do our own and while we get some, it really isn't bad at all.
We have a Barracuda 300 series. I just applied a firmware update, I thought I was up to date but one just came out a couple weeks ago.
I guess I jumped to our Linux boxes because I just moved two of our servers in house.
Your email is hosted on Linux servers in house? What email server are you using? And is your inbound port 25 limited to ONLY coming through your Barracuda?
All inbound and outbound is set to run through the cuda box.
-
@WLS-ITGuy said in Lots o' spam:
@scottalanmiller said in Lots o' spam:
@WLS-ITGuy said in Lots o' spam:
@nadnerB said in Lots o' spam:
What/who is doing your spam filtering?
Time to tighten your settings or send a truck load of false negatives to your provider.@scottalanmiller said in Lots o' spam:
@nadnerB said in Lots o' spam:
What/who is doing your spam filtering?
Time to tighten your settings or send a truck load of false negatives to your provider.Or get a new provider. We do our own and while we get some, it really isn't bad at all.
We have a Barracuda 300 series. I just applied a firmware update, I thought I was up to date but one just came out a couple weeks ago.
I guess I jumped to our Linux boxes because I just moved two of our servers in house.
Your email is hosted on Linux servers in house? What email server are you using? And is your inbound port 25 limited to ONLY coming through your Barracuda?
All inbound and outbound is set to run through the cuda box.
Set to, but is everything else effectively banned?
-
@WLS-ITGuy said in Lots o' spam:
@scottalanmiller said in Lots o' spam:
@WLS-ITGuy said in Lots o' spam:
@nadnerB said in Lots o' spam:
What/who is doing your spam filtering?
Time to tighten your settings or send a truck load of false negatives to your provider.@scottalanmiller said in Lots o' spam:
@nadnerB said in Lots o' spam:
What/who is doing your spam filtering?
Time to tighten your settings or send a truck load of false negatives to your provider.Or get a new provider. We do our own and while we get some, it really isn't bad at all.
We have a Barracuda 300 series. I just applied a firmware update, I thought I was up to date but one just came out a couple weeks ago.
I guess I jumped to our Linux boxes because I just moved two of our servers in house.
Your email is hosted on Linux servers in house? What email server are you using? And is your inbound port 25 limited to ONLY coming through your Barracuda?
No we have Exchange 2016 on a 2012 server. I have 2 servers that are relaying to the exchange server. 90% of the traffic is from in house users so I decided to bring them in house from Linode. I thought I might have had something opened/vulnerable.
Check your windows servers that do not have any strange services, that is what happened to consultant in SW.
https://community.spiceworks.com/topic/2180564-finding-spamming-pc?page=1#entry-8117171 -
@scottalanmiller said in Lots o' spam:
@WLS-ITGuy said in Lots o' spam:
@scottalanmiller said in Lots o' spam:
@WLS-ITGuy said in Lots o' spam:
@nadnerB said in Lots o' spam:
What/who is doing your spam filtering?
Time to tighten your settings or send a truck load of false negatives to your provider.@scottalanmiller said in Lots o' spam:
@nadnerB said in Lots o' spam:
What/who is doing your spam filtering?
Time to tighten your settings or send a truck load of false negatives to your provider.Or get a new provider. We do our own and while we get some, it really isn't bad at all.
We have a Barracuda 300 series. I just applied a firmware update, I thought I was up to date but one just came out a couple weeks ago.
I guess I jumped to our Linux boxes because I just moved two of our servers in house.
Your email is hosted on Linux servers in house? What email server are you using? And is your inbound port 25 limited to ONLY coming through your Barracuda?
All inbound and outbound is set to run through the cuda box.
Set to, but is everything else effectively banned?
yeah, you would want to make sure that the only device getting smtp traffic from outside, is the barracuda.
-
I used to use a barracuda 300 (for about 6 years) in conjunction with their cloud filtering for our on-prem Exchange 2010 server. I think there were 2 times that they had some sort of issue where they let a crap-ton of spam through, unfiltered.
I have moved to Office 365 and am exclusively using their filtering. I think barracuda was better at filtering. Especially, when it comes to phishing messages that pretend to be from Microsoft's services. You'd think that Microsoft would be able to catch those better than anyone. Not in my experience.
