Thread: Prevent DDOS Attack to Zimbra Mail Server

  1. #1
    Join Date
    May 2007
    Location
    Indonesia
    Posts
    149
    Rep Power
    8

    Prevent DDOS Attack to Zimbra Mail Server

    Hi,

    One of our clients is migrating their MDaemon mail server to Zimbra Mail Server. Due to the poor setup of their MDaemon mail server, their domain became the target of a DDoS attack: thousands of incoming spam mails from various IPs and various unknown accounts, with their domain as the target. Zimbra successfully rejects all spam by using b.barracudacentral.org and zen.spamhaus.org even before it goes to the queue, but sometimes all incoming threads are full with the DDoS.

    Is there any advice to prevent DDoS attacks, whether within Zimbra, the OS, or using an anti-spam/anti-virus/UTM appliance? Any advice is highly appreciated, especially if based on real experience.
    Best Regards
    ---
    Masim "Vavai" Sugianto
    Zimbra Tutorial
    Personal Blog [ID]

    Release 8.0.6_GA_5922.SLES11_64_20131203103702 SLES11_64 FOSS edition.

  2. #2
    Join Date
    Apr 2009
    Posts
    304
    Rep Power
    6

    Can you use iptables to block the spammer?

  3. #3
    Join Date
    May 2007
    Location
    Indonesia
    Posts
    149
    Rep Power
    8

    Originally posted by Tripple:
    > Can you use iptables to block the spammer?

    I've been applying iptables to block spammers by country :-) but the DDoS uses various IPs and it is too bad to block each of them.
    Best Regards
    ---
    Masim "Vavai" Sugianto

  4. #4
    Join Date
    Dec 2012
    Location
    Hyderabad
    Posts
    30
    Rep Power
    2

    We usually use a cloud-based SaaS (MXLogic by McAfee, Trend Micro, or another 3rd party) to block spam, but for this the MX record needs to be changed, and for better security we need to accept mail from the SaaS-provided IPs (this we need to configure at the firewall).

    Workflow:

    outside domain mail --> 3rd-party SaaS (filters for viruses and spam; here we have many options and can customize rules as per our organization's requirements) --> received by your mail server.

    On the firewall side we need to configure a rule to accept mail only from the SaaS-provided IPs (using this we can block direct connections to SMTP).
    Thanks,
    Anudeep.
    From itopstube.com
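
The firewall rule described in the post above, as an added example that is not part of the original thread: a POSIX shell helper that validates the provider's relay ranges and emits an `iptables-restore` fragment admitting port 25 only from them. The chain name `SMTP-IN` and the address ranges are assumptions made for illustration; the ranges are constructed placeholders.

```shell
#!/bin/sh
# Added example: emit an iptables-restore fragment that admits inbound SMTP
# (tcp/25) only from the filtering provider's relays. IPv4 only.
# Constructed placeholder ranges (RFC 5737); use your provider's published list.
PROVIDER_RANGES="192.0.2.0/24 198.51.100.16/28"

# Succeed only for a well-formed IPv4 address or CIDR block.
valid_cidr() {
  case $1 in
    */*) addr=${1%/*}; len=${1#*/} ;;
    *)   addr=$1; len=32 ;;
  esac
  case $len in ''|*[!0-9]*|???*) return 1 ;; esac
  [ "$len" -le 32 ] || return 1
  case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.
  set -- $addr            # split the address into octets
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in ''|????*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Print the ruleset. Refuses an empty or malformed list, so a typo cannot
# produce a chain that drops all mail or admits an unintended network.
build_smtp_allowlist() {
  [ $# -gt 0 ] || { echo "no provider ranges given" >&2; return 1; }
  for range in "$@"; do
    valid_cidr "$range" || { echo "bad range: $range" >&2; return 1; }
  done
  echo '*filter'
  echo ':SMTP-IN - [0:0]'            # hypothetical chain name
  echo '-A SMTP-IN -i lo -j ACCEPT'  # loopback stays open for local SMTP
  for range in "$@"; do
    echo "-A SMTP-IN -s $range -j ACCEPT"
  done
  echo '-A SMTP-IN -j DROP'          # direct-to-MX connections end here
  echo 'COMMIT'
}

# Review the output, then apply as root and route port 25 through the chain once:
#   build_smtp_allowlist $PROVIDER_RANGES | iptables-restore --noflush
#   iptables -I INPUT -p tcp --dport 25 -j SMTP-IN
build_smtp_allowlist $PROVIDER_RANGES
```

Only port 25 is filtered, so client submission on other ports is unaffected; a host that also listens for SMTP over IPv6 needs the equivalent rules in `ip6tables`.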

  5. #5
    Join Date
    May 2007
    Location
    Indonesia
    Posts
    149
    Rep Power
    8

    Hi,

    Originally posted by anudeep@itopstube.com:
    > We usually use a cloud-based SaaS (MXLogic by McAfee, Trend Micro, or another 3rd party) to block spam, but for this the MX record needs to be changed, and for better security we need to accept mail from the SaaS-provided IPs (this we need to configure at the firewall).
    >
    > Workflow:
    >
    > outside domain mail --> 3rd-party SaaS (filters for viruses and spam; here we have many options and can customize rules as per our organization's requirements) --> received by your mail server.
    >
    > On the firewall side we need to configure a rule to accept mail only from the SaaS-provided IPs (using this we can block direct connections to SMTP).

    Thank you for the suggestion. I've encouraged our client to set up their front-end email to use an anti-spam appliance designed to prevent DDoS attacks, both using a hardware/software appliance and also by using a cloud-based anti-spam appliance. If anyone has any relevant article on preventing DDoS attacks, especially DDoS against mail servers, I would be more than happy to learn.
    Best Regards
    ---
    Masim "Vavai" Sugianto
