Changing outgoing email IP

We have a group of IP addresses and we currently use a single one for outgoing email for all our email clients. Is there a way to change the IP being used for outgoing email? We recently had a client system compromised and it was sending mass garbage from our server and need to change our outgoing IP and ensure delivery.

Status: Closed (fixed)

Comments

Howdy -- email (and all traffic, actually) goes out via the default IP, which is generally the primary IP of your server.

Recently, Virtualmin added support for a feature to allow domains that have a private IP to send out email via that private IP, rather than the default IP.

It takes some fancy Postfix configuration to make that work though, and it requires Postfix 2.7. That unfortunately won't work with the Postfix version that comes with Ubuntu 8.04.

The spam problem you're describing can happen, unfortunately... however, the various RBLs out there understand that, and most will remove you automatically after they stop seeing spam coming from your server (sometimes after a day or so goes by). A few will require you to contact them to let them know you corrected the problem.

Your IP reputation may be back to normal shortly, and it may not be necessary to make any changes.

However, two manual things you could do to change the IP used for email are:

  1. Change the default IP of your server to a different IP (typically, that would mean changing the IP for your "eth0" interface)

  2. If you don't mind getting your hands a little dirty, you could manually edit your Postfix config, and set the "smtp_bind_address" option as described at this URL:

http://www.postfix.org/postconf.5.html#smtp_bind_address

Thanks for the info. We were able to identify the user account that was compromised and shut down the attack. It ran from about 2:30am-8:30am. We were only blacklisted on PSBL, but the big issue is a poor reputation reporting from senderbase.org. They don't believe they offer a way to de-list, although I'm trying to find out if there is a way.

I will check out the smtp_bind_address option and see if Canonical has some guidance in this area. We are also looking to see if there is a way to throttle an authenticated user's account when more than a certain amount of email is being sent. Do you have any guidance on that topic?

We don't have a suggestion for rate limiting the emails, though you can set up a notification for when the email queue grows too large, which commonly occurs during incidents like you ran into.

To do that, you can go into Webmin -> Others -> System and Server Status, and add a new monitor for "Mail Queue Size". That can then notify you whenever your mail queue grows to "N" messages.

Took a while to get back to this. I also ran the request through Canonical and they provided some info on modifying the config to limit the amount of email sent within a declared time frame. I will also be using your suggestion. Thank you so much.

Would you mind if I asked what Canonical suggested? I'm curious how they would recommend handling that.

Sure thing. Here's their direction: Postfix does have rate limiting capabilities, an overview is available here: http://www.postfix.org/TUNING_README.html#conn_limit . Specifically, I would suggest the smtpd_client_message_rate_limit option.

However, these options are designed to be applied to all accounts. So you could prevent anyone from sending more than 20 emails a minute, etc. Please let me know if this works for you.
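
Added example, not part of the thread and not Virtualmin or Postfix code: because the Postfix limits discussed above apply to all accounts, this script counts messages per authenticated account in the mail log and reports any account that exceeds a limit inside a sliding window, which is how a compromised account like the one described can be spotted early. The log layout, the constructed sample lines, the year parameter, the function names and the 20-per-minute threshold (borrowed from the last reply) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed Postfix smtpd syslog layout for an authenticated submission.
LINE_RE = re.compile(
    r"(?P<ts>\w{3}\s+\d+\s\d{2}:\d{2}:\d{2})\s\S+\spostfix/smtpd\[\d+\]:\s"
    r"\w+:\sclient=\S+,\s.*sasl_username=(?P<user>\S+)"
)

def sample_log():
    """Constructed sample: alice sends 3 messages, bob sends 25 in under a minute."""
    fmt = ("Mar  3 02:{m:02d}:{s:02d} mail postfix/smtpd[2101]: {q:010X}: "
           "client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username={u}")
    lines = [fmt.format(m=30 + i, s=0, q=i + 1, u="alice@example.com") for i in range(3)]
    lines += [fmt.format(m=31, s=2 * i, q=100 + i, u="bob@example.com") for i in range(25)]
    return lines

def flag_senders(lines, limit=20, window=timedelta(minutes=1), year=2024):
    """Return {sasl_username: peak count} for accounts exceeding `limit` per window."""
    recent = defaultdict(deque)  # user -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an authenticated smtpd submission line
        # syslog timestamps omit the year, so the caller supplies it (assumption)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        user, seen = m["user"], recent[m["user"]]
        seen.append(ts)
        while ts - seen[0] >= window:
            seen.popleft()  # drop entries that fell out of the sliding window
        if len(seen) > limit:
            peaks[user] = max(peaks.get(user, 0), len(seen))
    return peaks

if __name__ == "__main__":
    for user, count in flag_senders(sample_log()).items():
        print(f"{user}: {count} messages within one minute")
```

Fed the real mail log from cron, the returned accounts can drive the same kind of notification as the "Mail Queue Size" monitor, but keyed to the sending account rather than the queue.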