

Mail Server Hardening Tips?




Posted by brandon272, 08-15-2008, 03:39 PM
We have a Linux server running cPanel/WHM and using Exim for mail; we're also using SpamAssassin to label messages as spam. I have made a few modifications to settings and installed things like DomainKeys, but am wondering if I am doing enough. My objectives are to:

1) Prevent mail users on the server from being inundated with spam, and/or be able to effectively manage any spam that does come through.
2) Ensure that messages that my mail users send out remain as highly deliverable as possible.
3) Make it difficult for third parties to exploit my mail server for their own spamming needs.

Are there any good tutorials out there on this stuff that should at least cover some of my bases? Where should I begin? The only thing preventing me from hiring out the work to someone else is that I'd like to learn how to do it myself.

Thanks!
Brandon

Posted by tracerouteme, 08-16-2008, 12:10 AM
Make sure mail relaying is disabled. Set reverse DNS for the server IPs, SPF record for the domains. If you're getting too many mails to non-existing users, set the catchall address to fail.

Posted by AnandVK, 08-16-2008, 01:32 AM
Here are some tips that will help you to secure your mail server to some extent:

Make sure that "Prevent nobody user to send mails" is Enabled from WHM -> Tweak Settings (will help to prevent spam mail sent from your server).

Using SSL over secure ports will ensure that the connection is encrypted when the user's password is sent and data is transferred.

Try to use secure email protocols and related ports:
- POP3S 995
- IMAPS 993
- SMTPS 465

instead of unsecure ports:
- POP3 110
- IMAP 143
- SMTP 25

Use Exiscan
The Exiscan patch is widely used, stable and powerful, and allows scanning at SMTP time for:
- Anti-virus
- Anti-spam
- File extension blocking
- Regular expression blocking

Exiscan supports a lot of external anti-spam/anti-virus tools including SpamAssassin, Sophos/sophie, Kaspersky, ClamAV, Brightmail, generic command line etc. It also has useful in-built MIME-based tools. It operates in the ACL system.

The MX problem
If you have more than one mail server, all will need identical protection.

Firewalls
It will also be necessary to allow connections to the servers through your firewall. Be sure you have a good firewall in place to only allow the required connections.

Don't allow hackers to learn which version of the web server software you are running by inducing an error and thus an automated server response. Attacks are often version specific. Spammers also trigger errors to find email addresses.

AnandVK

Posted by brianoz, 08-18-2008, 11:48 AM
Agree with everything said above. Some random thoughts:

- ASSP seems to be very effective at reducing spam; although exiscan may be similar, especially if it allows scan at SMTP time.
- Consider using nolisting techniques which reduce spam a lot (40-60%)
- Try to keep email addresses off webpages on the server, even if you have to do post processing in Apache to encode email addresses
- Don't use "blackhole" with exim unnecessarily
- install some sort of Dictionary attack mitigation, preferably coupled with a firewall capable of blocking attackers
- set default limit on outgoing emails to 250 per hour
- use CSF - ConfigServer Firewall - which will block attackers quite quickly
- run suphp or phpsuexec to isolate your users from one another
- run mod_security with a good minimal pattern set to catch known break-in patterns
- don't fall into the trap of thinking secondary mail service and/or redundant DNS will solve all your problems; you probably want to avoid both unless you really understand the issues.

There are lots more, but there's a quick dump ...
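
Added example, not part of any post in this thread: one way to spot the dictionary attacks mentioned above is to count distinct rejected recipients per source IP inside a short time window, then hand the offending IPs to the firewall. The log lines are constructed samples modelled on Exim main-log "rejected RCPT" entries; the function name, threshold and window are assumptions to tune for your server.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real traffic): one host probing six unknown
# mailboxes in six seconds, one host with two typos hours apart, one delivery.
_NAMES = ["adam", "alice", "bob", "carol", "dave", "erin"]
SAMPLE_LOG = "\n".join(
    [f"2008-08-18 11:40:{i:02d} H=(mx.example.net) [203.0.113.5] F=<x@example.net> "
     f"rejected RCPT <{n}@example.com>: Unrouteable address"
     for i, n in enumerate(_NAMES)]
    + ["2008-08-18 09:00:00 H=(mail.example.org) [198.51.100.7] F=<u@example.org> "
       "rejected RCPT <jon@example.com>: Unrouteable address",
       "2008-08-18 11:45:00 H=(mail.example.org) [198.51.100.7] F=<u@example.org> "
       "rejected RCPT <jhon@example.com>: Unrouteable address",
       "2008-08-18 11:46:00 1KV5xy-0001Ab-2C <= u@example.org "
       "H=(mail.example.org) [198.51.100.7] P=esmtp S=1234"])

# Timestamp, first bracketed address (the peer IP), and the rejected recipient.
REJECT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) .*?"
    r"\[(?P<ip>[0-9a-fA-F.:]+)\].*? rejected RCPT <(?P<rcpt>[^>]*)>")

def find_dictionary_attackers(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: n} where n is the largest number of distinct rejected
    recipients from that IP inside any `window`, for IPs with n >= threshold."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if m:  # accepted deliveries and other log lines are ignored
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events[m["ip"]].append((ts, m["rcpt"].lower()))
    offenders = {}
    for ip, hits in events.items():
        hits.sort()
        start = best = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            best = max(best, len({rcpt for _, rcpt in hits[start:end + 1]}))
        if best >= threshold:
            offenders[ip] = best
    return offenders

if __name__ == "__main__":
    for ip, count in find_dictionary_attackers(SAMPLE_LOG).items():
        print(f"{ip}: {count} distinct unknown recipients, candidate for a block")
```

Counting distinct recipients rather than raw rejections keeps a legitimate sender retrying one mistyped address from being flagged.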


