Finding a Compromised Email Account

Spam listsA few months ago we put up a post about some steps you can take to avoid having your mail server blacklisted on various RBLs and other anti-spam lists. This is a great preventative measure, but it doesn’t mean an email account can’t get compromised. So, what do you do if you DO have a compromised account on your mail server? In addition, how can you find which account was the one compromised?

Before we look at how to find a compromised account, let’s look at some signs that point to possibly having an account that’s being used for spamming. These indications include:

  • Having email deliveries rejected to popular mail services like GMail, Yahoo! or
  • Having email deliveries rejected from other ISPs and/or hosting providers
  • Seeing a lot of email filling up your spool
  • And, of course, having customers call in complaining of delivery delays

Thankfully, SmarterMail makes it very easy to find an email account that is potentially compromised. All you need to do is check your Message Traffic report. To do this:

  1. Log in to SmarterMail as the system administrator
  2. Go to the Reports area
  3. Expand System Summary Reports, then Traffic Reports
  4. Click on Message Traffic
    1. This report lists all domains on the mail server, and also displays the total incoming and outgoing messages for those domains. The domain with the compromised account will more than likely be the one with the most outgoing messages.
  5. Click on the domain you suspect to have the compromised account to display all of the users of that domain. Again, the one that is compromised is more than likely the one with the most messages sent.
  6. Click on the user to take a look at their message traffic from the past week. Generally, you’ll see a large increase in outgoing messages that will probably coincide with when the account was hacked.

So, now that you found the account, what recourse do you have?

First and foremost, you should disable the account. You can do this one of two ways:

  • Simply change the user’s password, or
  • Actually disable their account. When disabling the account, you can elect to disable outgoing while allowing the user to continue to receive incoming mail, or disable the account completely. Disabling doesn’t delete the account, it simply keeps it from being able to send, and possibly receive, email.

Once the account is disabled, your spool should start clearing up. If you haven’t verified whether the domain, or possibly the mail server as a whole, was blacklisted, you will want to do that  now. A simple check over at will help determine which, if any, blacklists you’re on. From there, you will want to contact each, using whatever contact methods they prefer, to let them know what steps you’ve taken to not only stop this spammer, but also what you’ve done to protect your mail server from future issues. That’s where our previous blog post, 5 Ways to Avoid Being Blacklisted, will come in handy.

As you can see, it’s pretty easy to find a potential hacked account within SmarterMail. The hope is you won’t ever need to find one, but, if you do, we try to make it as simple as possible. Go ahead and bookmark this post, or, if you’d rather, we’ve condensed some of this information down into a knowledge base article, also entitled Finding a Compromised Account. Thanks for reading!

Improving Disk I/O and Overall Performance for Your Mail Server, Part 3

In Part One of our series we discussed some tips for setting up your mail server, including tweaks to your operating system and any other software, such as anti-virus, running on your server. In Part Two, we looked at SmarterMail itself and adjustments to items like spam filtering, file attachment sizes and more that can increase overall performance. In this final post, we’ll look at hardware settings and some tips for optimizing email clients and mobile devices.

It doesn’t even matter if you’re running SmarterMail – any mail server will benefit from the various hardware, software and end-user/device mods mentioned. If you’re doing some of these already, then you’re ahead of the curve. However, read through and see if you can grab one or two more that allow you to squeeze the most out of your mail server performance.


Use IMAP and CalDAV/CardDAV for Syncing

IMAP is a time-tested mail delivery protocol – it’s fast, it’s reliable and every device and email client supports it for retrieving incoming messages. Therefore, it’s the best choice for syncing with any email account on any device or desktop client. While things like Microsoft Exchange ActiveSync (EAS) and Exchange Web Services (EWS) are a bit more robust in what they sync, they can be server-intensive. EWS is something to really review before it is implemented as it’s currently only available for Apple clients like Apple Mail and Outlook for Mac and doesn’t support syncing mobile devices. Further, Outlook users should really only sync their Inbox and not all folders. By default, setting up IMAP will sync all folders. However, syncing just the Inbox is the most efficient setup as folders can be synced “on demand,” or whenever a user clicks on it. This way, only the access that is needed is what’s being set up and processed with the mail server.

For customers concerned about syncing contacts and calendars, using the CalDAV and CardDAV protocols are great for syncing these items. This is especially true now that Windows Phone is rolling out support for both, and even Google started offering native support for both and deprecated EAS support. Android and iOS devices currently support both CalDAV and CardDAV (iOS natively supports it – Android devices do require third-party apps), so most users will get along just fine using them. Finally, IMAP, CalDAV and CardDAV are all free to use – no additional costs for service providers or end users, and while Android devices currently need third-party apps, most, if not all, are available for free. Therefore, IMAP, CalDAV and CardDAV are truly ideal alternatives for most customers. If you want to use something other than IMAP, CalDAV and CardDAV, EAS is the way to go as it is becoming the de facto standard for syncing both mobile devices and desktop clients.

Sync Devices For a Maximum of 30 Days

On many mobile devices you can set the default time frame for syncing messages. Most people want to have as much mail on their phone as possible, but that’s not always the best solution as syncing a ton of information with a mobile device can cause issues, both on the phone as well as on the mail server itself. These issues can not only cause delays in receiving new messages but also issues with lost emails, high disk i/o and more. Therefore, it’s best to sync just a few days’ worth of email and calendar items. The maximum should be 30 days, but a better solution is 5 days or less. Since SmarterMail offers a Web-based interface, even road warriors can get by with just a few days’ worth of email and calendar items – they simply need to log in to their mail account using any Web-connected browser to see the rest.

Keep Mailboxes Small

This should go without saying, but keeping your inbox uncluttered is a great way to ensure your mail server performs well. Large mailboxes are very difficult to manage, especially when using products like Microsoft Outlook as they download EVERYTHING.

So, how can you keep a mailbox small and things working smoothly? Well, first of all, SmarterMail Enterprise offers email archiving. When used, archiving stores every email as it enters the spool. Therefore, even if an user deletes a message, a system or domain administrator can retrieve it and replace it for the user as needed. In addition, archived messages can be stored on a different drive, further saving space and disk i/o.

In addition, when syncing with a mobile device, it’s not necessary to sync every folder a user has. If only the Inbox is synced, and only a few days’ worth of email is synced, then the mail server and device will remain in harmony.

Another thing to avoid is creating sub-folders within your Inbox. Many clients, especially Outlook, don’t handle folders within a user’s Inbox very well. Mobile clients perform even worse when a user has sub-folders in their Inbox. Therefore, it’s best to avoid them whenever possible.

Try to live by the Inbox Zero rule and manage messages rather than letting them sit. Delete, file, store and remove as much as possible and your email clients, servers and mobile devices will perform much better.

Remove Large Attachments

As we noted in a previous post, disk space availability and usage can impact the performance of your mail server. A possible way to avoid this is to either set up some auto-clean rules for your emails or just flat out delete any large attachments. Of course, an alternative to deleting attachments is to move them off the mail server and to a local drive for later retrieval – maybe move them to a Google Drive or Dropbox account so they’re still available for mobile users, but not cluttering up the mail server itself.

Server Hardware

Separate Your Spool and Data

A great way to increase your mail server performance is to separate your email spool and email data into 2 separate, physical drives. This is because your spool, especially on busy mail servers, will see constant reads and writes, which will impact disk i/o. In addition, email data can grow, especially with attachments, file storage, etc. Increased disk space combined with constant reads/writes can be a recipe for disaster for a mail server. Separating these functions (along with the other suggestions discussed) can lead to longer lifespan for your disks, and less chances for corruption, downtime and headaches.

Use SSDs

This may go without saying as SSDs are generally faster than standard hard drives, but it’s worth pointing out nonetheless. SSDs are great for mail servers due to the increase in performance. Sure, they cost more, but the performance increase that a mail server admin will see, as well as their overall durability, is well-worth the investment.  In addition, there may be some concerns over the lifespan of SSDs in a high-production environment. However, implementing some of the other suggestions in this post can lengthen the lifespan of your SSDs, making them not only affordable but a real difference-maker.

RAM Drive for Spool

A RAM drive (a.k.a., a RAM Disk) offers a huge increase in performance, even over the use of SSDs. Most people use RAM drives for loading applications and running things like games or photo-editing software, so using a RAM drive for your email spool means that messages are handled much, much faster than when the spool is part of your normal drive set. There are some disadvantages to using RAM for storage, most significant are that the size is limited to the RAM on hand and RAM drives are dependent on the server staying powered up and online. Then there is the need for third-party applications to manage the drive. However, these are minor headaches compared to the overall performance gains. For more information on RAM drives, PC World has a good article on supercharging your server using a RAM drive.

Raid 10 for Data

Scalability and reliability are crucial factors for any mail server. As anyone working for a hosting provider or ISP can tell you, nothing riles up customers more than when their email is down. Most people can handle when their website is having issues, but even a minute of downtime for a mail server can bring the most patient customer to tears. Having redundancy and failover in your hardware can ensure that, even if you lose a drive, customers see very little downtime, IF they see any at all. RAID 10 offers a simple and relatively cheap way to give your mail server a high level of reliability without sacrificing any speed.

Lots of Memory in the Machine to accomplish these items above

Use of a RAM drive and other suggestions means that your mail server will need enough RAM to be able to handle any situation. 8GB or more seems to be the norm nowadays, especially as RAM prices decline, 16GB being a sweet spot for most mail server admins. Of course, it all depends on load, number of users and how users interact with the mail server. Getting some baseline statistics on memory and disk usage using your mail server’s reporting features or from the server itself is a good place to start. SmarterMail offers system administrators some reports that detail disk and memory usage, as well as user trends and summary reports. Windows offers native reporting tools that can be used as well.

So, there you have it – three blog posts detailing how you can improve the overall performance of your mail server. Of course, these suggestions just touch the surface. I’m sure there’s more that can be done, so if anyone has any suggestions, feel free to leave them in the comments. Thanks for reading!

Improving Disk I/O and Overall Performance for Your Mail Server, Part 2

In Part One of our series on Improving Disk I/O for Your Mail Server, we discussed some tweaks to your operating system and any other server software, such as anti-virus, to increase overall performance. In this post, we’ll look at settings and tweaks to SmarterMail itself. If you’re doing some of these already, then you’re ahead of the curve. However, read through and see if you can grab one or two more that allow you to squeeze the most out of your mail server performance.

SmarterMail Tweaks

Setup Domain Auto-Clean Rules for Junk Mail and Deleted Items

When SmarterMail is set up it can be configured to move any spam mail to a Junk Mail folder and any deleted items can be moved to a Deleted Items folder. This is an easy and convenient way to manage these types of emails, but users can get a little distracted and leave these folders unattended. This means that the folders can grow in size and grow so large that they take up an inordinate amount of disk space. To remedy that, administrators should set up rules to automatically clean these folders after a certain amount of time, such as weekly or monthly. Setting up these rules is a great way to ensure that these folders don’t grow out of control, take up a ton of disk space and eventually bog down your disk i/o.

Limit File Attachment Sizes – Use File Storage Instead

It’s hard to get around users sending and receiving files via email. However, you can limit the size of the attachments that can be sent and then offer SmarterMail’s File Storage as an alternative for large attachments. Attachments are stored within a mail server’s GRP file, and encoded. This encoding can add anywhere from 30% – 50% to the size of the attachment. For larger files, this means that disk space can be greatly affected when limitations are absent. File Storage, on the other hand, stores the uploaded file in a user’s folder, but the file isn’t encoded, so it doesn’t increase in size. In addition, users can better-manage file storage files right from within the SmarterMail webmail interface, thereby keeping disk space utilization to a minimum.

Create Strict Spam Settings

A very simple way to keep your mail server running smoothly is to limit the amount of email that actually comes into the mail server. A perfect example is spam messages: it’s a good idea to set up and manage strict anti-spam settings to prevent messages from even making it to the server. We have a KB article of Recommended Spam Settings that you can follow, and one of our power users and a forum Product Expert, Bruce Barnes, has an extensive PDF document outlining different spam settings and efficiencies with setting up various anti-spam measures.

Consider Setting Up an Inbound Gateway

Using an inbound gateway is a great way to offload some of the spam checks and help weed out unwanted email before it gets set for local delivery. While inbound gateways only offer SMTP spam checks (things like Commtouch, etc. can’t run on an inbound gateway), utilizing extensive checks and setting up a variety of RBLs and URIBLs can greatly limit the the amount of spam that gets to the primary mail server. From there, you can use Commtouch or other third-party add-ons to further eliminate spam. You can use SmarterMail as an inbound gateway, for free, and we have a knowledge base article that can help you set it up.

There you have it, a few more tips to help maximize the performance of your mail server. In Part Three, we’ll discuss some hardware changes and email client and mobile device settings that will help keep things running smoothly, so stay tuned!

Improving Disk I/O and Overall Performance for Your Mail Server, Part 1

While SmarterMail 11.x has a significant number of changes that greatly increase the performance and reliability of your mail server, there are still some configuration tweaks that mail admins can use to further increase performance. In this three part series (there’s a LOT to discuss) we’ll look at a few things you can do to increase the overall lperformance of your mail server beyond simply using SmarterMail. Part One will cover general server settings, Part Two will cover SmarterMail and Part Three will cover tweaks to email clients and devices as well as hardware changes to increase performance.

It doesn’t even matter if you’re running SmarterMail – any mail server will benefit from the various hardware, software and end-user/device mods mentioned. If you’re doing some of these already, then you’re ahead of the curve. However, read through and see if you can grab one or two more that allow you to squeeze the most out of your mail server performance.

Mail Server Settings

There are some changes that can be made to how your mail server is set up as well as some file system changes that can help increase performance. Below are a few ideas to get you started.

Use Robust Anti-virus

Use of good, robust antivirus software can help keep your mail server running smoothly by..well, scanning for, and removing, potential viruses that can come into your system via email. Antivirus software should be configured to scan messages as well as attachments, though care should be taken when designating where, and how often, some sections of your mail server are actively protected. See the next point, as an example. SmarterMail comes with ClamAV, an open-source anti-virus software, that can be configured when the mail server is set up, free of charge.

Limit the Resident Shield (or Similar) Component

Many anti-virus applications have a component that runs in the background that scans every single file that is copied to, saved to or even opened on the mail server. While these components allow system administrators to keep their mail servers virus-free, on heavily-used mail servers this can be a real drain on system resources. Therefore, it’s best to limit the resident shield component to only those locations that will most benefit by setting up exceptions in your anti-virus administration area.

Limit Where and What Is Scanned by A/V

In addition, you’ll only want to scan messages that come into the spool, and if possible, only scan writes and remove scans of disk reads. Disk i/o and CPU can be heavily taxed when scanning mailboxes over and over and over again. While you can run periodic checks on the server as a whole, maintaining the spool is the best way to ensure your mail server is virus-free as the only way a file can get to a mailbox is when it is written to the spool or to working/temp directories. Therefore, scanning writes only is a great way to keep your mail server virus free. Some may see this as a possible decrease in overall server security, but it will result in dramatic improvements to overall disk i/o and utilization.

Disable Pagefile

Opinions on the advantages of disabling the Windows pagefile vary: some say you should keep it “just in case” while others say that modern applications will never need it, so why keep it? Besides, most businesses run servers with more than enough RAM to compensate for any potential benefits that the pagefile represents. Therefore, you may as well disable your pagefile. The only time it’s beneficial is if you’re running a mail server with 4GB of RAM or less – and, to be honest, why would you do that?

Disable IIS Logging for the Webmail interface

Any Web hosting provider offering Windows hosting can attest to how IIS log files can grow..and grow…and grow. That’s great for customers’’ sites, but it’s not something you necessarily want to have happen to the SmarterMail Web interface. There’s enough reporting within SmarterMail for end users and administrators that seeing views, visits and hits isn’t necessary. Therefore, when you set up SmarterMail as a site in IIS (which is highly recommended in our system requirements), it’s a good idea to simply disable IIS logging for that site. Use the reports within SmarterMail versus using the IIS logs to generate reports.

A Few Other Items

There are a few other things that can be done to help optimize your mail server. These are pretty self-explanatory, so we’ll just bullet point them:

  • Disable hibernation or sleep for your server

  • Disable Windows Indexing as this reduces overall disk i/o and extends SSD life

  • Make sure write caching is enabled

  • Disable defrag for your spool, especially if you’re using a SSD

  • Defrag RAID arrays at least every couple of days, but do it off hours if possible

  • Do NOT use a realtime defragger – only use the one within Windows itself

  • Don’t defrag while backing up  your mail server

There you have it. A few tips to help maximize the performance of your mail server. In Part Two, we’ll discuss some settings for SmarterMail itself, though these tweaks can possibly be made to any mail server, so stay tuned!

SmarterMail 11.x BETA Now Available

We’re excited to announce the BETA of the next version of our popular Windows mail server: SmarterMail 11.x. Over the last few major releases we focused on providing an incredibly powerful and user friendly Web interface that users would enjoy.  With this latest release, we kept the same look and appearance but rewrote the underlying architecture with the latest Internet technologies to dramatically improve the speed, reduce the size and increase compatibility with all the latest Internet browsers and tablets.

In addition, SmarterMail 11.x brings several new features, server side optimizations and fixes that continues to make SmarterMail compatible with the latest Internet trends.  As with all releases, we worked closely with customers and partners and while we couldn’t incorporate everyone’s ideas into this release, we prioritized our users’ wants to create a new version of SmarterMail that we think you’ll really like.

So let’s take a look at what’s new…

Tremendous Performance Increases

We spent a great deal of time benchmarking SmarterMail and then making changes to increase the level of performance across the board. In many instances we’ve seen increases of 70% or more in the speed and responsiveness of the SmarterMail 11.x interface. We’ve also seen huge decreases in memory and CPU usage, even under extremely heavy loads. All of this means that the product runs much quicker and much more efficiently than previous versions. Some of the changes we’ve made include:

  • Re-factored and completely re-wrote many areas of the web interface to reduce the amount of JavaScript code, CSS and HTML, making the entire web interface much faster, much more responsive and much lighter weight.
  • CSS files have been converted to LESS, making stylesheets much smaller and more efficient.
  • The button bars were re-factored to be lighter weight controls.
  • The context menus were re-factored to be lighter weight controls.
  • The date pickers were re-factored to be lighter weight controls.
  • The tree view controls were re-factored to be lighter weight controls.
  • Greatly increased the performance of the Web interface.
  • Replaced the message editor control with a more lightweight control.
  • SmarterMail Service memory has been drastically reduced using SpamAssasin.

As we mentioned in a blog post late last year, we feel efficiency IS a product feature, and SmarterMail 11.x really proves that point.

Simple Customization of the Webmail Interface

personalizationSmarterMail 11.x introduces a much simpler way for users to customize the look and feel of their webmail experience. Now, rather than having to access system files to create custom styles, users can simply override existing SmarterMail styles with their own variables or, more simply, by modifying the overall color scheme of the primary, secondary and hyperlink colors. Users can even drastically revise the look of the webmail interface. For example, by moving the navigation icons to a horizontal position versus their default vertical position. Of course, if the Domain Admin prefers the defaults, customization at the user level can be disabled, thereby preserving branding and corporate identity.

Significant Improvements to Microsoft Exchange ActiveSync

Note-2-Calendar_smCustomers using the Exchange ActiveSync (EAS) add-on enjoy the industry standard in syncing technologies for all mobile devices and will be ready for the next version of Microsoft Outlook for Windows that’s coming in Office 2013. With SmarterMail 11.x we’ve made some significant changes in how SmarterMail integrates EAS, including better handling of the most popular devices from Samsung, the Galaxy S III and Galaxy Note II, and seamless integration with their native email clients.

Changes to how SmarterTools products work with add-ons are often only available with major upgrades due to the agreements we have with our vendors and partners. Customers who stay current with Upgrade Protection are able to take full advantage of these changes and modifications, not to mention receive full version upgrades at no additional cost. In addition, with SmarterTools, you can reinstate your Upgrade Protection at any time and still receive a discount. And unlike our competitors, SmarterTools doesn’t force customers to purchase each incremental upgrade that’s available when reinstating Upgrade Protection.

IPv6 Now Available

With the dwindling availability of IPv4 addresses, more and more hosting companies and service providers are moving towards utilizing IPv6 addresses. In addition, there will come a point where businesses of all shapes and sizes need to begin using IPv6 addresses as well. SmarterMail 11.x is here to help ease that transition. In fact, implementation of IPv6 with SmarterMail 11.x is just as simple as IPv4 – there’s no learning curve, no hassles and essentially the same functionality is available for IPv6 addresses as for legacy IPs. End users won’t even be able to tell the difference!

Greater Calendar Control

new_calendar In SmarterMail 10.x we greatly increased the functionality of our calendaring, and with SmarterMail 11.x we’re continuing that trend. In this latest version, users can not only set the default view for their calendars in the Web interface (either daily, weekly, monthly or all appointment views) but users can also automatically clean out old calendar entries. Domain or System Administrators can also default the auto-clean feature for calendars, making it an ideal solution for those admins who want to keep their mail servers manageable and running as smoothly as possible.


Improved Spell Checking

No one likes to send emails with spelling errors. With SmarterMail 11.x we completely revised how spell checking works, greatly increasing the accuracy and adding in grammar support. In addition, the new spell checking ignores things like URLs and email addresses and users can select an option to force spell checking before their email is actually sent, which should help with those awkward misspellings and grammar mistakes. You can also add your own words to your own dictionary to further customize and simplify your communications.


Personalize Your Contacts

With the growth in popularity of social networks, people are used to see whom they’re talking to when typing up messages. SmarterMail 11.x allows users to add pictures to their contacts, thereby putting a face to a name, as it were, when typing up emails or using the included live chat. Contact pictures will even carry over to third-party live chat clients like Adium or Pidgin so users always see the person they’re communicating with, regardless of medium. In addition, ActiveSync and CardDAV will synchronize contacts with your choice of Third-party applications.

New Features for System Administrators

As if the incredible performance increases won’t make their jobs easier enough, we’ve also included several new features, tools and improvements for System Administrators. Some of these include the ability to utilize an abuse detection rule that allows blocking of IP addresses that exceed a set number of authentication failures over a variety of protocols, the ability to delete IP address that no longer exist right from the IP address bindings page and the implementation of the UIDPlus extension for IMAP. System administrators can even search log files written to the MRS\App_Data\Logs folder from within the management interface and much more.

17 Different Spell-check Dictionaries Included

In addition to the improved spell checking, SmarterMail also includes dictionaries for 17 different languages. The languages supported include:

  • English (US+UK Combined) – DEFAULT
  • English (US), (Australia), (Canada), (UK)
  • French
  • German/German (Switzerland)
  • Greek
  • Hungarian
  • Italian
  • Norwegian
  • Polish
  • Portuguese/Portuguese (Brazil)
  • Russian
  • Spanish

Greater Support for International Customers

SmarterMail is a truly international product. With customers in well over 120 different countries, support for languages other than English is a priority. In addition, as SmarterMail’s adoption across the globe continues to rise, support for non-Western character sets is also essential. With SmarterMail 11.x we’ve not only included support for right-to-left languages in our Web interface, but we’ve also gone through the entire product and greatly simplified our language strings to make things much easier for automated translations and for customers who create their own translation files.

Is that it?

Of course not! SmarterMail 11.x has many more features and improvements. You’ll find them in the release notes we’ll post in the SmarterMail 11.x BETA forum, but here are a few more that might be of interest:

  • A new content filter action was added for flagging messages and setting their priority.
  • Print preview now includes a list of attachments, perfect for regulatory compliance.
  • Users can now set start dates and end dates for their auto-responders.
  • Status messages and tip text now drops down from the top of the page and no longer disrupts page flow.
  • Language strings have been simplified so that they are much easier to translate.
  • In the webmail interface, the message grid now adds a color to the subject of unread messages to better distinguish them from messages that have already been read.
  • The ability for SmarterMail to detect missing attachments when they should be present. For example, when a message contains the word “attachment” but no files are attached or the subject is empty.

Getting started with the BETA

To get your hands on the BETA simply visit the SmarterTools BETA release forum, where you’ll see how to:

  • Sign up for the BETA
  • Get a special BETA license key
  • Download the latest BETA release (we update it regularly)
  • Communicate with other BETA testers and the SmarterTools development team
  • Stay up-to-date on the latest release note and BETA news

Sign up for the BETA


Get every new post delivered to your Inbox.

Join 2,227 other followers