Question Plesk Firewall Question

[Mathias]

Hello,

I am tired of all these spammers who try to send spam mails over my server or to get access to SSH or FTP. So I configured fail2ban with very strong rules (1 failed attempt per jail, only recidive allows 2) and the list of blocked IPs is growing daily. I also added an apache-404 fail2ban filter, that filters out any IP address for people or bots searching for wordpress installations, which do not exist on my server. For this reason I changed the firewall rule for SSH (disallow all incoming traffic) and I thought of doing the same with SMTP service (sending mail server, disallow all incoming traffic, allow outgoing traffic). Does it make sense to do so? Does the SMTP server send emails then or not? I just would like to make the server unavailable for spammers and hackers.

 

[vimobe]

For handling spammers you may want to look at spam filter (spam assasin).
Fail2ban effective to prevent bruteforce login to your server.

You may want to change your SSH port from default port22 to other port, and also use encryption key for verification method.

If your problem is ppl sending spam email to you then pls look at spam assasin. If your email goes into junkmail please setup a proper DKIM, SPF and DMARC record

 

[Mathias]

Thanks for your answer. My problem are the people who try to login on port 25 (SMTP) to send spam mails over my server. Now I adjusted the firewall rule for SMTP server (allow incoming from my server's IP address and deny all other incoming traffic).

Yes, when I send emails for example to Googlemail (gmail) or Yahoo, then emails from my server's IP address are treated as spam and go to junk folder. I don't know what a DKIM, SPF and DMARC record is and how to set it up. Any help, please.

 

[vimobe]

you may want to check your IP address if it is get blacklisted or not. If your IP is blaclisted then the only way to go is to relay your email through SMTP relay server.
free smtp relay server available but with some limitations.

you are hosting physical server or virtual server? if its virtual server you may want to check the ip before proceed with installation.

I deploy a special email server and separate it from my web server and use SMTP relay to control and prevent outgoing spam (my plesk running without mail server.

 

[Kaspar]

Thanks for your answer. My problem are the people who try to login on port 25 (SMTP) to send spam mails over my server. Now I adjusted the firewall rule for SMTP server (allow incoming from my server's IP address and deny all other incoming traffic).

Unfortunately your server will always be probed for security issues and there will always be random SMTP attempts. There is noting you can do to stop it. But you can prevent 'hackers' to access your server. Fail2ban is a good tool to prevent bruteforce logins. However most importantly is to use strong passwords for your e-mail mailbox. Secondly set a limit for the number of emails each domains is allowed to send daily (and hourly). If an mailbox gets compromised it helps to reduces the impact. Besides setting a limit helps you identify and discover compromised domains. Because you (can) get notified when the limit is reached.

Also make sure you keep your server updated

Yes, when I send emails for example to Googlemail (gmail) or Yahoo, then emails from my server's IP address are treated as spam and go to junk folder. I don't know what a DKIM, SPF and DMARC record is and how to set it up. Any help, please.

If your email gets marked as spam by Gmail, Yahoo, or Outlook (Hotmail) it does not necessarily mean your server has been compromised. It might just not be configured correctly.

First check if your server IP is blacklisted. For example using Email Blacklist Check - IP Blacklist Check - See if your server is blacklisted. If it is, well, you've got a lot of work ahead of you.

If you server is not blacklisted it is probably not configured right to send email. The most common issue (in my experience) is a missing or wrongly configured rDNS. Make sure your rDNS is pointing to your servers hostname. Also it good practice to setup a SPF record and possibly enable DKIM.

 

[RichardvdB]

Thanks for your answer. My problem are the people who try to login on port 25 (SMTP) to send spam mails over my server. Now I adjusted the firewall rule for SMTP server (allow incoming from my server's IP address and deny all other incoming traffic).

Yes, when I send emails for example to Googlemail (gmail) or Yahoo, then emails from my server's IP address are treated as spam and go to junk folder. I don't know what a DKIM, SPF and DMARC record is and how to set it up. Any help, please.

Hi Mathias, happy to help! Just went through the whole thing for a domain. Have my own VPS on Strato and with plesk. Most is actually dns (I do not have my own dns installed, I use the registrars).

Also looking to stop the SMTP telnet or netcat option. Although with all the authentication I have, they can only send to domains on the VPS (localhost) and even then it is marked as Junk/Spam. I will look into the firewall rule you used.