One of the hassles of being a geek is that you actually get your hands dirty with technology.  Usually that’s a good thing.  But sometimes it isn’t.  Yesterday at 5am, I started getting SMS messages from our mail server indicating that services were failing.   I had no idea why this was happening.

Now if I weren’t a geek, I would not have a server to manage, and whoever provides our web/email would take care of the problem. But I am a geek and want the flexibility to do things that don’t come in a standard solution from a web/email provider. So that means I had to be the one to figure out why I was getting SMS messages at 5am.

It turns out an email account got compromised and spammers were hammering our server, sending spam through it. Thank goodness my hosting company (www.powervps.com) has great support. They were able to identify the problem and help me fix it.

Now I’m not really sure how spammers got the password for one of our email accounts. We use IMAP and SMTP AUTH, both of which send the password unencrypted, but only a sniffer at the ISP would be able to grab that, and I assume most (if not all) ISPs protect against this. Anyway, I decided that we needed to get all email clients using TLS and SSL. It turns out TLS was already enabled on the server and all I had to do was add an SSL cert for IMAP. So, hopefully we are protected now.
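Once the server offers TLS, the thing worth checking from the client side is that STARTTLS is actually advertised on the submission port, that IMAPS answers on 993, and that the certificate is valid for the hostname clients connect to. The script below is an added example written for this post, not the author's or cPanel's code; mail.example.com and the ports are placeholders, and the certificate dictionary at the bottom is constructed to show what the offline check looks at.

```python
import imaplib
import smtplib
import ssl
import time

# Placeholder hostname; substitute the name your clients are configured with.
MAIL_HOST = "mail.example.com"


def strict_context():
    """TLS settings a mail client should insist on: verified chain,
    hostname check (both on by default), and nothing older than TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def check_smtp_starttls(host, port=587, timeout=10):
    """Connect to the submission port, require STARTTLS and return the
    negotiated protocol version. Raises if STARTTLS is not advertised
    or the certificate does not validate for `host`."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError(f"{host}:{port} does not advertise STARTTLS")
        smtp.starttls(context=strict_context())
        return smtp.sock.version()


def check_imaps(host, port=993, timeout=10):
    """Open an implicit-TLS IMAP session (what 'adding an SSL cert for IMAP'
    enables) and return the negotiated protocol version."""
    with imaplib.IMAP4_SSL(host, port, ssl_context=strict_context(),
                           timeout=timeout) as imap:
        return imap.sock.version()


def name_matches(pattern, hostname):
    """Exact or single-label wildcard match, as TLS hostname checking does."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        return (hostname.count(".") == pattern.count(".")
                and hostname.endswith(pattern[1:]))
    return pattern == hostname


def cert_problems(cert, hostname, now=None):
    """Report on a getpeercert() dictionary: does a subjectAltName cover
    `hostname`, and how long until the certificate expires? The handshake
    already enforces the first point; this is for a readable report."""
    now = time.time() if now is None else now
    problems = []
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not_after < now:
        problems.append("certificate expired on " + cert["notAfter"])
    elif not_after - now < 14 * 86400:
        problems.append("certificate expires within 14 days")
    names = [value for kind, value in cert.get("subjectAltName", ())
             if kind == "DNS"]
    if not any(name_matches(n, hostname) for n in names):
        problems.append(f"no subjectAltName entry matches {hostname}")
    return problems


# Constructed certificate dictionary in the shape getpeercert() returns;
# not a real certificate.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "mail.example.com"), ("DNS", "*.example.org")),
    "notBefore": "Jan 1 00:00:00 2020 GMT",
    "notAfter": "Jan 1 00:00:00 2040 GMT",
}

if __name__ == "__main__":
    print("offline check:", cert_problems(SAMPLE_CERT, MAIL_HOST) or "ok")
    # Network checks; run against your own server.
    print("SMTP STARTTLS:", check_smtp_starttls(MAIL_HOST))
    print("IMAPS:", check_imaps(MAIL_HOST))
```

A client that is told to use TLS but with certificate checking disabled is only slightly better than plaintext, so the `strict_context` settings are the part to keep when adapting this.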

Along the way, someone suggested I should also look at SPF and DomainKeys. They really don’t have anything to do with the issue, but they are good things to implement anyway. I had already added SPF records to our DNS but was not familiar with DomainKeys, so I spent Saturday morning tackling this.

It turns out DomainKeys is not that hard to implement, as I’m on a host with cPanel, which supports DomainKeys. The only complication is that our DNS is hosted at a DNS hosting provider (so I can get redundancy). So on our hosted server, I just ran /usr/local/cpanel/bin/domain_keys_install with the account name to generate a private/public key pair and make it available to Exim. Then I took the entry it added to the zone file in /var/named and added it to our external DNS provider. So now, between SPF and DomainKeys, we should not have much, if any, email rejected.
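Copying the generated record from /var/named into an external DNS provider's web form is where this usually goes wrong: the public key is long enough to need splitting into 255-byte strings, and an SPF record that is typed by hand can end up with too many lookups or without a terminal `all`. The checker below is an added example written for this post (not cPanel's tooling or the author's records); it lints an SPF value and a DomainKeys selector value before they are published, and shows how a long TXT value is split. The two sample records are constructed, and the base64 in the DomainKeys sample is placeholder bytes rather than a real key.

```python
import base64

# Constructed sample records, in the shape cPanel writes to the zone file.
SAMPLE_SPF = "v=spf1 a mx include:_spf.example.net ~all"
SAMPLE_DOMAINKEY = "k=rsa; t=y; p=" + base64.b64encode(
    b"\x30\x82" + b"\x00" * 64).decode()   # placeholder, not a real key

# SPF mechanisms/modifiers that cost a DNS lookup; RFC 4408 caps them at 10.
SPF_LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")
MAX_TXT_STRING = 255   # longest single character-string in TXT RDATA


def lint_spf(record):
    """Return a list of problems with an SPF TXT value (empty means clean)."""
    problems = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record must start with v=spf1"]
    lookups, has_all = 0, False
    for term in terms[1:]:
        body = term.lstrip("+-~?")                 # drop the qualifier
        name = body.split(":", 1)[0].split("=", 1)[0].split("/", 1)[0].lower()
        if name == "all":
            has_all = True
        elif name in SPF_LOOKUP_TERMS:
            lookups += 1
        elif name not in ("ip4", "ip6", "exp"):
            problems.append(f"unknown mechanism or modifier: {term}")
    if not has_all and not any(t.lower().startswith("redirect=") for t in terms):
        problems.append("no terminal 'all' mechanism; unlisted senders get a neutral result")
    if lookups > 10:
        problems.append(f"{lookups} DNS-lookup terms exceed the limit of 10 (permerror)")
    return problems


def lint_domainkey(record):
    """Return a list of problems with a DomainKeys selector TXT value."""
    problems, tags = [], {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            problems.append(f"malformed tag: {part!r}")
            continue
        key, value = part.split("=", 1)
        tags[key.strip()] = value.strip()
    if tags.get("k", "rsa") != "rsa":
        problems.append(f"unsupported key type k={tags['k']}")
    pub = tags.get("p")
    if pub is None:
        problems.append("missing p= public key")
    elif pub == "":
        problems.append("empty p= means the key is revoked")
    else:
        try:
            der = base64.b64decode(pub, validate=True)
        except ValueError:
            problems.append("p= is not valid base64")
        else:
            if not der.startswith(b"\x30"):   # SubjectPublicKeyInfo is a DER SEQUENCE
                problems.append("p= does not decode to a DER SEQUENCE")
    if tags.get("t") == "y":
        problems.append("t=y: testing mode, failures are treated as unsigned mail")
    return problems


def split_txt_string(value, limit=MAX_TXT_STRING):
    """Render a long TXT value as consecutive quoted strings, as a zone file
    or a DNS provider's form needs when the value exceeds 255 bytes."""
    chunks = [value[i:i + limit] for i in range(0, len(value), limit)]
    return " ".join(f'"{chunk}"' for chunk in chunks)


if __name__ == "__main__":
    print("SPF:", lint_spf(SAMPLE_SPF) or "ok")
    print("DomainKeys:", lint_domainkey(SAMPLE_DOMAINKEY) or "ok")
    print(split_txt_string(SAMPLE_DOMAINKEY))
```

The `t=y` flag is worth noting when going live: cPanel-era DomainKeys records were often published in testing mode, which tells verifiers not to penalise signature failures, so the record protects nothing until that tag is removed.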

All in all a satisfying couple of hours.
