Auto-ban outbound email filtering?
-
We have a client, and they are a shared email hosting provider. They are getting on blacklists from spammers using their service. I'm going down the road looking for a solution that allows them to auto-ban abusers (could be 24 hours at a time, up to indefinitely based on pattern behavior), to mitigate them getting picked up by blacklists like SORBS. Worth noting, they seem to have a problem with people actually signing up for their services (after having talked with someone over there) and then abusing the system. So the abusers are authenticated.
Any suggestions for ones you've tried?
-
What type of email server do they use? I'd think rate limiting would be a start. I've never done something like this at the provider level, so I'm interested in what solution(s) you end up with.
-
Why are you doing this? If they are an email provider, this is a very basic skill that they should already have in their company.
-
@JaredBusch said in Auto-ban web filtering?:
Why are you doing this? If they are an email provider, this is a very basic skill that they should already have in their company.
I had delisted one of their IPs and set up monitoring for them on MxToolbox. We're their MSP for a few things but not for those systems specifically. They had just asked for recommendations so I've just started down the road researching a few things they could send their email through. They are currently deferring to Barracuda Email Security after X-amount of emails, but those eventually get released and offenders continue sending spam. So it is basically a semi-useless appliance for them.
-
An IT company that needs IT support. Always a bad sign.
-
@scottalanmiller said in Auto-ban outbound email filtering?:
An IT company that needs IT support. Always a bad sign.
Haha I hope you don't mean me... I'm just gathering what people have used so I make a good recommendation.
-
@BBigford said in Auto-ban outbound email filtering?:
@scottalanmiller said in Auto-ban outbound email filtering?:
An IT company that needs IT support. Always a bad sign.
Haha I hope you don't mean me... I'm just gathering what people have used so I make a good recommendation.
LOL, I mean an email company that needs email support from a non-email company for their email.
-
Got it squared away. They have only one public IP right now, so what ended up happening is they are already going from a pair of Barracudas in their datacenter, but now they are also going through SendGrid using 2 IPs in case one gets blacklisted.
They have a 3rd as well, that they'll use strictly for reporting. If they get both blacklisted, they could cut over to the 3rd if need be, while they swap out the other 2 for clean IPs.
I made the outbound deferred messages to email filtering more strict, so they can catch it sooner. Also working on some automation to temporarily ban any abusive accounts for 24 hours if they have too many deferred in a period of time.
As far as going through SendGrid, the recipient sees it comes from SendGrid, but the reverse lookup in the header does show the single public IP that they are using now. Things look a lot better now, but still a little work to do.
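The 24-hour auto-ban on too many deferred messages mentioned in the post above, sketched as an added example (not the poster's automation and not Barracuda or SendGrid code). The log format, the user names, and every threshold except the 24-hour ban length are assumptions; escalation to an indefinite ban follows the "up to indefinitely" idea from the opening question.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values; only the 24-hour ban length comes from the thread.
WINDOW = timedelta(hours=1)       # look-back period for counting deferrals
MAX_DEFERRED = 2                  # deferrals tolerated per WINDOW (low, to suit the sample)
BAN_LENGTH = timedelta(hours=24)  # temporary ban
MAX_STRIKES = 2                   # the ban with this number becomes indefinite

# Constructed sample log in a hypothetical format: "<ISO time> <auth user> <action>"
SAMPLE_LOG = """\
2024-01-01T09:00:00 alice@example.test sent
2024-01-01T09:01:00 mallory@example.test deferred
2024-01-01T09:02:00 mallory@example.test deferred
2024-01-01T09:03:00 alice@example.test deferred
2024-01-01T09:04:00 mallory@example.test deferred
2024-01-01T12:00:00 mallory@example.test deferred
2024-01-02T10:00:00 mallory@example.test deferred
2024-01-02T10:05:00 mallory@example.test deferred
2024-01-02T10:10:00 mallory@example.test deferred
"""

def evaluate(log_text):
    """Return ban decisions as (time, user, banned_until); None = indefinite."""
    recent = defaultdict(deque)   # user -> deferral timestamps inside WINDOW
    strikes = defaultdict(int)    # user -> bans issued so far
    banned = {}                   # user -> ban expiry, or None for indefinite
    decisions = []
    for line in log_text.splitlines():
        stamp, user, action = line.split()
        ts = datetime.fromisoformat(stamp)
        if user in banned:
            if banned[user] is None or ts < banned[user]:
                continue          # still banned: submission would be refused
            del banned[user]      # ban has expired
        if action != "deferred":
            continue
        q = recent[user]
        q.append(ts)
        while ts - q[0] > WINDOW: # drop deferrals older than the window
            q.popleft()
        if len(q) > MAX_DEFERRED:
            strikes[user] += 1
            until = None if strikes[user] >= MAX_STRIKES else ts + BAN_LENGTH
            banned[user] = until
            decisions.append((ts, user, until))
            q.clear()
    return decisions
```

On the sample, `evaluate(SAMPLE_LOG)` bans the second account for 24 hours after its third deferral within an hour, ignores its traffic during the ban, and makes the second ban indefinite; the account with a single deferral is untouched.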
-
@BBigford said in Auto-ban outbound email filtering?:
As far as going through SendGrid, the recipient sees it comes from SendGrid, but the reverse lookup in the header does show the single public IP that they are using now. Things look a lot better now, but still a little work to do
Do you have the Barracuda doing rate limit per user to 500 per hour or less? When I set up Barracuda devices I make sure that is selected and to get notification on high queues. You might want to also have them look into setting up monitoring for the Barracuda as when there are many messages to be scanned they tend to lock up and constant firmware updates or patches (although support is always good).
Set up an MxToolbox account to monitor their IP addresses on blacklists. Also make sure they use their cloud Barracuda spam filter as well for incoming email.
-
@Eltolargo said in Auto-ban outbound email filtering?:
@BBigford said in Auto-ban outbound email filtering?:
As far as going through SendGrid, the recipient sees it comes from SendGrid, but the reverse lookup in the header does show the single public IP that they are using now. Things look a lot better now, but still a little work to do
Do you have the Barracuda doing rate limit per user to 500 per hour or less? When I set up Barracuda devices I make sure that is selected and to get notification on high queues. You might want to also have them look into setting up monitoring for the Barracuda as when there are many messages to be scanned they tend to lock up and constant firmware updates or patches (although support is always good).
Set up an MxToolbox account to monitor their IP addresses on blacklists. Also make sure they use their cloud Barracuda spam filter as well for incoming email.
Yep, done all that and a bit more with SendGrid. I've set a rate limit on their users, MxToolbox is monitoring their IP addresses, and also monitoring the Barracuda for abusers who have had devices compromised internally, so their accounts will be disabled until further review.
-
@BBigford awesome!