This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SG 125 sends thousands of spams

A user account has been hacked. A customer's SG 125 sends thousands of spam messages despite an outbound scan(Mail - SMTP, Relaying, scan outgoing). All emails are deleted in the mail manager, a hard job, but the SG continues to send them. Restart didn't help either. I don't see a way to stop this, customer is now blacklisted. Firmware version: 9.714-4.
Has someone an idea to prevent this in the future?

Thanks Heiko

This thread was automatically locked due to age.

0 Amodin over 1 year ago

How did the user get 'hacked'? Did anyone actually figure out a root cause?

Enabling 2FA would definitely help with that, and password complexity enforcement is another helpful method, so it doesn't allow '12345' as a password.

OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
(Former Sophos UTM Veteran, Former XG Rookie)
Cancel
Vote Up 0 Vote Down

Cancel
0 hschoene over 1 year ago in reply to Amodin

The user connect with imap/smtp-auth to the system. I don't know, how the passwort became known.
But whatever. it shouldn't be that spam goes outside despite outgoing filtering.
Cancel
Vote Up 0 Vote Down

Cancel
0 Alan Brand over 1 year ago

Did you vacuum the exim mail queue? Maybe there are plenty of mails on hold.

As countermeasure you might consider rate-limiting.
Cancel
Vote Up 0 Vote Down

Cancel