Email Unauthorized Access & Setup Limits on Email Accounts

flaxxain

Hello,

Somehow someone is able to access the email accounts and is sending SPAM emails from our server.

I need to know how are they able to get inside and how to put limits on the daily sending of emails.

I need to setup limits on email sending either by domain, or email accounts.

Let me know.

Thanks!

nebulon

You should be able to see those email and thus the originating account in the email event log in your cloudron dashboard. Maybe reset the password of that account if it got compromised.

If you don't see those mails there, then maybe you have setup some other service which is allowed to send emails from that domain?

flaxxain

Ok, what about limits on a domain or email account?

Let me know.

humptydumpty

Also, check if mail app passwords were created and compromised under a user's profile.

flaxxain

I checked the emails and it was just compromised for a particular user. But under the profile section of that user, there were no app passwords.

flaxxain

Is there any possibility of adding limits on a domain or email account or a user to send emails?

joseph

@flaxxain said in Email Unauthorized Access & Setup Limits on Email Accounts:

Is there any possibility of adding limits on a domain or email account or a user to send emails?

There is only a mailbox size limit . There is no way to set limits of how much an account can send, if this is what you are asking. You can raise a Feature Request (separate category) and we can look into it.

The mail server is designed to be used in an internal org. It's not meant to have your own users as adversaries. One has to go really out of the way to send a very large amount of email....

(In any case, if the accounts are compromised, can't they login as admin and simply change those numbers?)

flaxxain

Ok, I understand that. The case which you're saying is different. If anyhow the user doesn't have access to the Admin and just the user account is compromised then he can send emails from that account only and if admin has setup limits over that then the spammer can't go beyond the limits.

Limits should be setup in any case and should be controlled by Admin.

This is a very important and good feature that needs to be implemented.

I hope you understand.

Thanks!