Finding a Compromised Email Account

June 12, 2013 by 9 Comments

Spam listsA few months ago we put up a post about some steps you can take to avoid having your mail server blacklisted on various RBLs and other anti-spam lists. This is a great preventative measure, but it doesn’t mean an email account can’t get compromised. So, what do you do if you DO have a compromised account on your mail server? In addition, how can you find which account was the one compromised?

Before we look at how to find a compromised account, let’s look at some signs that point to possibly having an account that’s being used for spamming. These indications include:

  • Having email deliveries rejected to popular mail services like GMail, Yahoo! or Live.com
  • Having email deliveries rejected from other ISPs and/or hosting providers
  • Seeing a lot of email filling up your spool
  • And, of course, having customers call in complaining of delivery delays

Thankfully, SmarterMail makes it very easy to find an email account that is potentially compromised. All you need to do is check your Message Traffic report. To do this:

  1. Log in to SmarterMail as the system administrator
  2. Go to the Reports area
  3. Expand System Summary Reports, then Traffic Reports
  4. Click on Message Traffic
    1. This report lists all domains on the mail server, and also displays the total incoming and outgoing messages for those domains. The domain with the compromised account will more than likely be the one with the most outgoing messages.
  5. Click on the domain you suspect to have the compromised account to display all of the users of that domain. Again, the one that is compromised is more than likely the one with the most messages sent.
  6. Click on the user to take a look at their message traffic from the past week. Generally, you’ll see a large increase in outgoing messages that will probably coincide with when the account was hacked.

So, now that you found the account, what recourse do you have?

First and foremost, you should disable the account. You can do this one of two ways:

  • Simply change the user’s password, or
  • Actually disable their account. When disabling the account, you can elect to disable outgoing while allowing the user to continue to receive incoming mail, or disable the account completely. Disabling doesn’t delete the account, it simply keeps it from being able to send, and possibly receive, email.

Once the account is disabled, your spool should start clearing up. If you haven’t verified whether the domain, or possibly the mail server as a whole, was blacklisted, you will want to do that  now. A simple check over at http://www.mxtoolbox.com will help determine which, if any, blacklists you’re on. From there, you will want to contact each, using whatever contact methods they prefer, to let them know what steps you’ve taken to not only stop this spammer, but also what you’ve done to protect your mail server from future issues. That’s where our previous blog post, 5 Ways to Avoid Being Blacklisted, will come in handy.

As you can see, it’s pretty easy to find a potential hacked account within SmarterMail. The hope is you won’t ever need to find one, but, if you do, we try to make it as simple as possible. Go ahead and bookmark this post, or, if you’d rather, we’ve condensed some of this information down into a knowledge base article, also entitled Finding a Compromised Account. Thanks for reading!

Filed under SmarterMail, SmarterTools Tagged with , , , , , , , , , , , ,

Improving Disk I/O and Overall Performance for Your Mail Server, Part 3

May 30, 2013 by 5 Comments

In Part One of our series we discussed some tips for setting up your mail server, including tweaks to your operating system and any other software, such as anti-virus, running on your server. In Part Two, we looked at SmarterMail itself and adjustments to items like spam filtering, file attachment sizes and more that can increase overall performance. In this final post, we’ll look at hardware settings and some tips for optimizing email clients and mobile devices.

It doesn’t even matter if you’re running SmarterMail – any mail server will benefit from the various hardware, software and end-user/device mods mentioned. If you’re doing some of these already, then you’re ahead of the curve. However, read through and see if you can grab one or two more that allow you to squeeze the most out of your mail server performance.

Devices/Clients

Use IMAP and CalDAV/CardDAV for Syncing

IMAP is a time-tested mail delivery protocol – it’s fast, it’s reliable and every device and email client supports it for retrieving incoming messages. Therefore, it’s the best choice for syncing with any email account on any device or desktop client. While things like Microsoft Exchange ActiveSync (EAS) and Exchange Web Services (EWS) are a bit more robust in what they sync, they can be server-intensive. EWS is something to really review before it is implemented as it’s currently only available for Apple clients like Apple Mail and Outlook for Mac and doesn’t support syncing mobile devices. Further, Outlook users should really only sync their Inbox and not all folders. By default, setting up IMAP will sync all folders. However, syncing just the Inbox is the most efficient setup as folders can be synced “on demand,” or whenever a user clicks on it. This way, only the access that is needed is what’s being set up and processed with the mail server.

For customers concerned about syncing contacts and calendars, using the CalDAV and CardDAV protocols are great for syncing these items. This is especially true now that Windows Phone is rolling out support for both, and even Google started offering native support for both and deprecated EAS support. Android and iOS devices currently support both CalDAV and CardDAV (iOS natively supports it – Android devices do require third-party apps), so most users will get along just fine using them. Finally, IMAP, CalDAV and CardDAV are all free to use – no additional costs for service providers or end users, and while Android devices currently need third-party apps, most, if not all, are available for free. Therefore, IMAP, CalDAV and CardDAV are truly ideal alternatives for most customers. If you want to use something other than IMAP, CalDAV and CardDAV, EAS is the way to go as it is becoming the de facto standard for syncing both mobile devices and desktop clients.

Sync Devices For a Maximum of 30 Days

On many mobile devices you can set the default time frame for syncing messages. Most people want to have as much mail on their phone as possible, but that’s not always the best solution as syncing a ton of information with a mobile device can cause issues, both on the phone as well as on the mail server itself. These issues can not only cause delays in receiving new messages but also issues with lost emails, high disk i/o and more. Therefore, it’s best to sync just a few days’ worth of email and calendar items. The maximum should be 30 days, but a better solution is 5 days or less. Since SmarterMail offers a Web-based interface, even road warriors can get by with just a few days’ worth of email and calendar items – they simply need to log in to their mail account using any Web-connected browser to see the rest.

Keep Mailboxes Small

This should go without saying, but keeping your inbox uncluttered is a great way to ensure your mail server performs well. Large mailboxes are very difficult to manage, especially when using products like Microsoft Outlook as they download EVERYTHING.

So, how can you keep a mailbox small and things working smoothly? Well, first of all, SmarterMail Enterprise offers email archiving. When used, archiving stores every email as it enters the spool. Therefore, even if an user deletes a message, a system or domain administrator can retrieve it and replace it for the user as needed. In addition, archived messages can be stored on a different drive, further saving space and disk i/o.

In addition, when syncing with a mobile device, it’s not necessary to sync every folder a user has. If only the Inbox is synced, and only a few days’ worth of email is synced, then the mail server and device will remain in harmony.

Another thing to avoid is creating sub-folders within your Inbox. Many clients, especially Outlook, don’t handle folders within a user’s Inbox very well. Mobile clients perform even worse when a user has sub-folders in their Inbox. Therefore, it’s best to avoid them whenever possible.

Try to live by the Inbox Zero rule and manage messages rather than letting them sit. Delete, file, store and remove as much as possible and your email clients, servers and mobile devices will perform much better.

Remove Large Attachments

As we noted in a previous post, disk space availability and usage can impact the performance of your mail server. A possible way to avoid this is to either set up some auto-clean rules for your emails or just flat out delete any large attachments. Of course, an alternative to deleting attachments is to move them off the mail server and to a local drive for later retrieval – maybe move them to a Google Drive or Dropbox account so they’re still available for mobile users, but not cluttering up the mail server itself.

Server Hardware

Separate Your Spool and Data

A great way to increase your mail server performance is to separate your email spool and email data into 2 separate, physical drives. This is because your spool, especially on busy mail servers, will see constant reads and writes, which will impact disk i/o. In addition, email data can grow, especially with attachments, file storage, etc. Increased disk space combined with constant reads/writes can be a recipe for disaster for a mail server. Separating these functions (along with the other suggestions discussed) can lead to longer lifespan for your disks, and less chances for corruption, downtime and headaches.

Use SSDs

This may go without saying as SSDs are generally faster than standard hard drives, but it’s worth pointing out nonetheless. SSDs are great for mail servers due to the increase in performance. Sure, they cost more, but the performance increase that a mail server admin will see, as well as their overall durability, is well-worth the investment.  In addition, there may be some concerns over the lifespan of SSDs in a high-production environment. However, implementing some of the other suggestions in this post can lengthen the lifespan of your SSDs, making them not only affordable but a real difference-maker.

RAM Drive for Spool

A RAM drive (a.k.a., a RAM Disk) offers a huge increase in performance, even over the use of SSDs. Most people use RAM drives for loading applications and running things like games or photo-editing software, so using a RAM drive for your email spool means that messages are handled much, much faster than when the spool is part of your normal drive set. There are some disadvantages to using RAM for storage, most significant are that the size is limited to the RAM on hand and RAM drives are dependent on the server staying powered up and online. Then there is the need for third-party applications to manage the drive. However, these are minor headaches compared to the overall performance gains. For more information on RAM drives, PC World has a good article on supercharging your server using a RAM drive.

Raid 10 for Data

Scalability and reliability are crucial factors for any mail server. As anyone working for a hosting provider or ISP can tell you, nothing riles up customers more than when their email is down. Most people can handle when their website is having issues, but even a minute of downtime for a mail server can bring the most patient customer to tears. Having redundancy and failover in your hardware can ensure that, even if you lose a drive, customers see very little downtime, IF they see any at all. RAID 10 offers a simple and relatively cheap way to give your mail server a high level of reliability without sacrificing any speed.

Lots of Memory in the Machine to accomplish these items above

Use of a RAM drive and other suggestions means that your mail server will need enough RAM to be able to handle any situation. 8GB or more seems to be the norm nowadays, especially as RAM prices decline, 16GB being a sweet spot for most mail server admins. Of course, it all depends on load, number of users and how users interact with the mail server. Getting some baseline statistics on memory and disk usage using your mail server’s reporting features or from the server itself is a good place to start. SmarterMail offers system administrators some reports that detail disk and memory usage, as well as user trends and summary reports. Windows offers native reporting tools that can be used as well.

So, there you have it – three blog posts detailing how you can improve the overall performance of your mail server. Of course, these suggestions just touch the surface. I’m sure there’s more that can be done, so if anyone has any suggestions, feel free to leave them in the comments. Thanks for reading!

Filed under SmarterMail, SmarterTools Tagged with , , , , , , , , , , , , , , ,

Improving Disk I/O and Overall Performance for Your Mail Server, Part 2

May 23, 2013 by 2 Comments

In Part One of our series on Improving Disk I/O for Your Mail Server, we discussed some tweaks to your operating system and any other server software, such as anti-virus, to increase overall performance. In this post, we’ll look at settings and tweaks to SmarterMail itself. If you’re doing some of these already, then you’re ahead of the curve. However, read through and see if you can grab one or two more that allow you to squeeze the most out of your mail server performance.

SmarterMail Tweaks

Setup Domain Auto-Clean Rules for Junk Mail and Deleted Items

When SmarterMail is set up it can be configured to move any spam mail to a Junk Mail folder and any deleted items can be moved to a Deleted Items folder. This is an easy and convenient way to manage these types of emails, but users can get a little distracted and leave these folders unattended. This means that the folders can grow in size and grow so large that they take up an inordinate amount of disk space. To remedy that, administrators should set up rules to automatically clean these folders after a certain amount of time, such as weekly or monthly. Setting up these rules is a great way to ensure that these folders don’t grow out of control, take up a ton of disk space and eventually bog down your disk i/o.

Limit File Attachment Sizes – Use File Storage Instead

It’s hard to get around users sending and receiving files via email. However, you can limit the size of the attachments that can be sent and then offer SmarterMail’s File Storage as an alternative for large attachments. Attachments are stored within a mail server’s GRP file, and encoded. This encoding can add anywhere from 30% – 50% to the size of the attachment. For larger files, this means that disk space can be greatly affected when limitations are absent. File Storage, on the other hand, stores the uploaded file in a user’s folder, but the file isn’t encoded, so it doesn’t increase in size. In addition, users can better-manage file storage files right from within the SmarterMail webmail interface, thereby keeping disk space utilization to a minimum.

Create Strict Spam Settings

A very simple way to keep your mail server running smoothly is to limit the amount of email that actually comes into the mail server. A perfect example is spam messages: it’s a good idea to set up and manage strict anti-spam settings to prevent messages from even making it to the server. We have a KB article of Recommended Spam Settings that you can follow, and one of our power users and a forum Product Expert, Bruce Barnes, has an extensive PDF document outlining different spam settings and efficiencies with setting up various anti-spam measures.

Consider Setting Up an Inbound Gateway

Using an inbound gateway is a great way to offload some of the spam checks and help weed out unwanted email before it gets set for local delivery. While inbound gateways only offer SMTP spam checks (things like Commtouch, etc. can’t run on an inbound gateway), utilizing extensive checks and setting up a variety of RBLs and URIBLs can greatly limit the the amount of spam that gets to the primary mail server. From there, you can use Commtouch or other third-party add-ons to further eliminate spam. You can use SmarterMail as an inbound gateway, for free, and we have a knowledge base article that can help you set it up.

There you have it, a few more tips to help maximize the performance of your mail server. In Part Three, we’ll discuss some hardware changes and email client and mobile device settings that will help keep things running smoothly, so stay tuned!

Filed under SmarterMail, SmarterTools Tagged with , , , , , , , , , , ,

Improving Disk I/O and Overall Performance for Your Mail Server, Part 1

May 16, 2013 by 4 Comments

While SmarterMail 11.x has a significant number of changes that greatly increase the performance and reliability of your mail server, there are still some configuration tweaks that mail admins can use to further increase performance. In this three part series (there’s a LOT to discuss) we’ll look at a few things you can do to increase the overall lperformance of your mail server beyond simply using SmarterMail. Part One will cover general server settings, Part Two will cover SmarterMail and Part Three will cover tweaks to email clients and devices as well as hardware changes to increase performance.

It doesn’t even matter if you’re running SmarterMail – any mail server will benefit from the various hardware, software and end-user/device mods mentioned. If you’re doing some of these already, then you’re ahead of the curve. However, read through and see if you can grab one or two more that allow you to squeeze the most out of your mail server performance.

Mail Server Settings

There are some changes that can be made to how your mail server is set up as well as some file system changes that can help increase performance. Below are a few ideas to get you started.

Use Robust Anti-virus

Use of good, robust antivirus software can help keep your mail server running smoothly by..well, scanning for, and removing, potential viruses that can come into your system via email. Antivirus software should be configured to scan messages as well as attachments, though care should be taken when designating where, and how often, some sections of your mail server are actively protected. See the next point, as an example. SmarterMail comes with ClamAV, an open-source anti-virus software, that can be configured when the mail server is set up, free of charge.

Limit the Resident Shield (or Similar) Component

Many anti-virus applications have a component that runs in the background that scans every single file that is copied to, saved to or even opened on the mail server. While these components allow system administrators to keep their mail servers virus-free, on heavily-used mail servers this can be a real drain on system resources. Therefore, it’s best to limit the resident shield component to only those locations that will most benefit by setting up exceptions in your anti-virus administration area.

Limit Where and What Is Scanned by A/V

In addition, you’ll only want to scan messages that come into the spool, and if possible, only scan writes and remove scans of disk reads. Disk i/o and CPU can be heavily taxed when scanning mailboxes over and over and over again. While you can run periodic checks on the server as a whole, maintaining the spool is the best way to ensure your mail server is virus-free as the only way a file can get to a mailbox is when it is written to the spool or to working/temp directories. Therefore, scanning writes only is a great way to keep your mail server virus free. Some may see this as a possible decrease in overall server security, but it will result in dramatic improvements to overall disk i/o and utilization.

Disable Pagefile

Opinions on the advantages of disabling the Windows pagefile vary: some say you should keep it “just in case” while others say that modern applications will never need it, so why keep it? Besides, most businesses run servers with more than enough RAM to compensate for any potential benefits that the pagefile represents. Therefore, you may as well disable your pagefile. The only time it’s beneficial is if you’re running a mail server with 4GB of RAM or less – and, to be honest, why would you do that?

Disable IIS Logging for the Webmail interface

Any Web hosting provider offering Windows hosting can attest to how IIS log files can grow..and grow…and grow. That’s great for customers’’ sites, but it’s not something you necessarily want to have happen to the SmarterMail Web interface. There’s enough reporting within SmarterMail for end users and administrators that seeing views, visits and hits isn’t necessary. Therefore, when you set up SmarterMail as a site in IIS (which is highly recommended in our system requirements), it’s a good idea to simply disable IIS logging for that site. Use the reports within SmarterMail versus using the IIS logs to generate reports.

A Few Other Items

There are a few other things that can be done to help optimize your mail server. These are pretty self-explanatory, so we’ll just bullet point them:

  • Disable hibernation or sleep for your server

  • Disable Windows Indexing as this reduces overall disk i/o and extends SSD life

  • Make sure write caching is enabled

  • Disable defrag for your spool, especially if you’re using a SSD

  • Defrag RAID arrays at least every couple of days, but do it off hours if possible

  • Do NOT use a realtime defragger – only use the one within Windows itself

  • Don’t defrag while backing up  your mail server

There you have it. A few tips to help maximize the performance of your mail server. In Part Two, we’ll discuss some settings for SmarterMail itself, though these tweaks can possibly be made to any mail server, so stay tuned!

Filed under SmarterMail, SmarterTools Tagged with , , , , , , , , , ,

SmarterTools Product Integrations

May 9, 2013 by 1 Comment

As many of you have noticed, with the most recent releases of all three of our products, we’ve also released (or upgraded) a few integration modules for some popular Web hosting control panels. Most notably, we now offer integrations of SmarterMail and SmarterTrack for customers using WHMCS and we have a provisioning module for the new Parallels APS program that works with the Parallels Operations Administrator (POA). When you couple these with the existing integration we have for WebsitePanel, that means that SmarterTools’ products are now available for virtually any control panel Web hosts, ISPs, small businesses and others have available to them for managing their businesses.

Below is a brief discussion of what each integration brings to customers. Also, each  module discussed and linked-to was built by our own developers. While there are other modules available, the modules discussed below are the “official” integration modules, built by SmarterTools and documented in the help files associated with each product.

SmarterMail and WHMCS

SmarterMail offers a fantastic alternative for hosters and ISPs using WHMCS and CPanel for management of Linux shared, dedicated and VPS packages. While SmarterMail does require a Windows server to run, the feature-set available with SmarterMail, as well as its ease of management, stability, reliability and security features make it a perfect email solution regardless for Linux providers. Here’s a great example of one provider using SmarterMail, and the WHMCS integration, for their shared Linux hosting plans.

The SmarterMail module provides the following services:

  • Create, suspend, un-suspend, terminate, and delete domains from a SmarterMail server.
  • Multiple SmarterMail server support with management side interface for adding, deleting, suspending and unsuspending SmarterMail servers as well as setting max domain levels per server.
  • Client side link to a SmarterMail webmail login.
  • SSL support.

More information on the SmarterMail module can be found on the WHMCS SmarterMail Provisioning Module page of the SmarterMail help document.

SmarterTrack and WHMCS

While WHMCS offers a standard ticketing support solution as well as a knowledge base system, SmarterTrack provides a more more robust and feature-rich customer service helpdesk for hosting providers and ISPs. The integration module we created will replace the ticketing and KB systems that are part of a generic, default WHMCS installation. In addition, users can add in live chat functionality by simply generating live chat code and adding it to any page on their site.

The SmarterTrack module provides the following:

  • The ability to override the knowledge base links within WHMCS to redirect to SmarterTrack’s knowledge base articles.
  • The ability to provide live chat support links within WHMCS that will pop up a SmarterTrack live chat within the WHMCS interface.
  • The ability to override “contact us” emails to start a ticket within SmarterTrack rather than an email to a chosen email address. The ticket will also have a different comment added to it that states it was submitted via Sales Acquisition. You also get to specify which department these tickets are automatically submitted to.
  • Full email ticket support, including:
    • Include / exclude departments based on settings within SmarterTrack.
    • Full custom field support.
    • A comment added to every ticket submitted to show it was created through WHMCS.
    • Customizable auto responders with the ability to direct ticket links to WHMCS rather than SmarterTrack.
    • View all tickets on the support tickets page and all open tickets on client area page.
    • Restrict users from closing tickets based on settings set in SmarterTrack.
  • Help phone number and / or email address are displayed on error pages.
  • Full email / username and password sync support between WHMCS and SmarterTrack. This means that whenever a client changes their email or password in WHMCS, the change will also reflect within SmarterTrack.
  • A page in the management interface of WHMCS for syncing SmarterTrack and WHMCS users. (SmarterTrack uses the client’s email address for the username).
  • Full open source module with language string overrides, a custom style sheet and custom client template pages that can all be modified to serve a company’s needs.

More information on the SmarterTrack module can be found on the WHMCS SmarterTrack Provisioning Module page of the SmarterTrack help document.

The SmarterMail APS Module for Parallels

The Parallels APS program is quickly becoming the de-facto standard for businesses – even businesses beyond web hosts and ISPs – looking to have a centralized location for managing multiple areas of their business. From websites to email, billing to server provisioning, the Parallels Operations Automation and Parallels Billing Automation platforms offer a centralized location for virtually any aspect of a business. As such, having a provisioning module for one of the leaders in small business email is a must.

The goal of the SmarterMail APS package was to provide a means of easily managing domains, mailboxes, mailings lists and aliases. To those ends, services provided include:

  • Domain Services
    • Add / Remove Domains
    • Add / Edit / Remove Domain Aliases
    • Add / Edit / Remove User Aliases
    • Domain Disk Space Reporting
  • Mailbox Services
    • Add / Edit / Remove Mailboxes
    • Configure Email Forwarding Settings
    • Configure Auto-responder Settings
  • Mail List Services
    • Add / Edit / Remove Mailing Lists
    • Add / Edit / Remove Mailing List Subscribers

More information on the SmarterTrack module can be found on the Parallels APS Package for SmarterMail page of the SmarterMail help document.

SmarterMail and WebsitePanel

Formerly known as DotNetPanel, WebsitePanel has quickly become one of the best control panels for cloud computing companies and IT providers to automate the provisioning of a full suite of services on Windows servers. As such, SmarterMail is a perfect complement to WebsitePanel for hosting providers and ISPs.

The SmarterMail module provides the following services:

  • Create, remove and manage:
    • domains
    • users/mailboxes
    • mailing lists
    • user aliases
  • User settings that can be modified include:
    • mailbox size
    • passwords
    • the ability to set domain admins
    • manage autoresponders
    • manage mail forwarding

  • Advanced mailbox/user and server settings are managed from within SmarterMail based on domain admin and/or system admin logins.

More information on the SmarterMail module can be found on the WebsitePanel Module for SmarterMail page of the SmarterMail help document.

SmarterStats and WebsitePanel

The SmarterStats integration module for WebsitePanel follows the SmarterMail module and provides industry-leading log analytics, SEO optimization and website tuning tools to domain administrators and website owners alike.

The SmarterStats module provides the following services:

  • Site and user creation
  • The ability to link directly to SmarterStats for viewing reports on a per-user basis
  • Advances site, user and server settings are managed from within SmarterStats based on domain admin and/or system admin logins.

As the module implementations are almost identical, more information on the SmarterStats module can be found on the WebsitePanel Module for SmarterMail page of the SmarterMail help document.

Filed under SmarterTools

Older posts

Follow

Get every new post delivered to your Inbox.

Join 179 other followers