
SG 125 sends thousands of spams

A user account has been hacked. A customer's SG 125 sends thousands of spam messages despite an outbound scan (Mail - SMTP, Relaying, scan outgoing). All emails are deleted in the mail manager, a hard job, but the SG continues to send them. A restart didn't help either. I don't see a way to stop this; the customer is now blacklisted. Firmware version: 9.714-4.
Does anyone have an idea how to prevent this in the future?

Thanks Heiko



This thread was automatically locked due to age.
  • How did the user get 'hacked'?  Did anyone actually figure out a root cause?

    Enabling 2FA would definitely help with that, and password complexity enforcement is another helpful method, so it doesn't allow '12345' as a password.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • The user connects with IMAP/SMTP-auth to the system. I don't know how the password became known.
    But whatever, it shouldn't be that spam goes outside despite outgoing filtering.

  • Did you vacuum the exim mail queue? Maybe there are plenty of mails on hold.

    As a countermeasure you might consider rate-limiting.
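To show what the rate-limiting idea in the reply above amounts to on the detection side, here is an added example that is not from the thread, from Sophos, or from the UTM's own tooling: a Python script that reads exim-style mainlog "message received" lines and flags authenticated accounts whose submission rate bursts above a threshold, which is the signature of a hijacked mailbox. The log layout (timestamp, message id, `<=` sender, `P=esmtpa` for authenticated submission, `A=<method>:<login>` for the account), the sample lines, the 5-minute window and the threshold of 30 are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed exim mainlog "<=" (message received) layout, reduced to the fields used here:
# timestamp, message id, "<=" envelope sender, then key=value pairs, of which
# P=esmtpa marks an authenticated submission and A=<method>:<login> names the account.
SUBMISSION_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ <= \S+ .*?\bP=esmtpa\b"
    r".*?\bA=[^:\s]+:(?P<login>\S+)"
)
TS_FORMAT = "%Y-%m-%d %H:%M:%S"


def build_sample_log() -> str:
    """Constructed sample log (not real traffic): bob sends 3 messages over 20 minutes,
    alice sends 60 within 5 minutes (what a compromised account looks like), plus one
    unauthenticated inbound message that the detector must ignore."""
    base = datetime(2024, 5, 1, 8, 0, 0)
    lines = []
    for i in range(3):
        ts = (base + timedelta(minutes=10 * i)).strftime(TS_FORMAT)
        lines.append(f"{ts} 1s9bob-{i:06d}-Zz <= bob@example.org H=(phone) [192.0.2.11] "
                     f"P=esmtpa A=plain:bob@example.org S=980")
    for i in range(60):
        ts = (base + timedelta(seconds=5 * i)).strftime(TS_FORMAT)
        lines.append(f"{ts} 1s9ali-{i:06d}-Zz <= alice@example.org H=(unknown) [198.51.100.7] "
                     f"P=esmtpa A=plain:alice@example.org S=2140")
    lines.append(f"{base.strftime(TS_FORMAT)} 1s9ext-000000-Zz <= news@example.net "
                 f"H=mx.example.net [203.0.113.5] P=esmtp S=5100")
    return "\n".join(lines) + "\n"


def parse_submissions(log_text: str) -> dict[str, list[datetime]]:
    """Map each authenticated login to the sorted timestamps of its submissions.
    Lines without P=esmtpa / A= (inbound, unauthenticated mail) are skipped."""
    per_login: dict[str, list[datetime]] = defaultdict(list)
    for line in log_text.splitlines():
        m = SUBMISSION_RE.match(line)
        if m:
            per_login[m["login"]].append(datetime.strptime(m["ts"], TS_FORMAT))
    for times in per_login.values():
        times.sort()
    return dict(per_login)


def peak_in_window(times: list[datetime], window: timedelta) -> int:
    """Largest number of submissions inside any sliding window of the given length
    (two-pointer sweep over the sorted timestamps)."""
    peak = start = 0
    for end, t in enumerate(times):
        while t - times[start] >= window:
            start += 1
        peak = max(peak, end - start + 1)
    return peak


def flag_accounts(log_text: str, window: timedelta = timedelta(minutes=5),
                  threshold: int = 30) -> dict[str, int]:
    """Return {login: peak count} for every account whose burst rate exceeds the threshold."""
    flagged = {}
    for login, times in parse_submissions(log_text).items():
        peak = peak_in_window(times, window)
        if peak > threshold:
            flagged[login] = peak
    return flagged


if __name__ == "__main__":
    for login, peak in flag_accounts(build_sample_log()).items():
        print(f"{login}: {peak} submissions within 5 minutes, over the limit")
```

Run against a real mainlog the same logic gives you the account to lock and the password to reset before the queue is vacuumed; the threshold should be set from the normal per-user volume observed on the box, since a mail-merge user and a sales mailbox will have very different baselines.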