Email alert when an account tries to send over the per hour email limit

Natalie Chamberlain shared this idea 4 months ago
Open Discussion

This feature would help me to detect compromises where malware is using my server to send spam emails. An alert to 'unusual sending behaviour' of this kind in the mail queue would save me many headaches. I currently check the mail queue twice daily, as my server IP has been blocked in the past as I didn't detect the spam sending in time, and I am afraid of it hapening again.

The faster I detect the compromise, the better outcome for me and the account holder.

Comments (25)

photo
4

This sounds like a very good idea. I imagine that you see this as added as an alert within the "Contact Manager" section of WHM?

photo
2

That would certainly be ideal.

photo
2

I'd love to see something like this implemented. Currently, we use our own bash script to monitor the size of the Exim queue, and if it reaches an abnormal size, we investigate. Getting an alert when a customer attempts to send more than their hourly limit would be another tool in the toolbox to not only catch compromised email accounts, but also a tool to improve customer service, as we can contact a customer proactively and discuss the situation (perhaps it will warrant increasing their hourly limits, or selling them an upgraded hosting package).

photo
1

This would be great. I would DEFINITELY set this to my mobile email/sms/page address.

Doesn't seem hard to implement either. @Benny?

photo
1

this issue has a lot likes and is essential!

what are we waiting for?

photo
1

Hi everybody. :D

This is actually quite a bit more difficult to implement than one might anticipate, but we're discussing it quite a bit internally right now (which is why all of these requests have been merged). Once there's something in a public build for you guys to take a look at, I'll let you know!

photo
4

I would go even further....

Client should also received an email in his language (template should be customizable also), since issue will have to be solved by hilmself at the end...

photo
3

This is an interesting idea... this would be similar to the bandwidth and disk space emails that customers receive. I like it.

- Scott

photo
photo
3

This feature is being included in version 66 of cPanel & WHM, and is able to be previewed in the development build that's currently in the EDGE tier. This video goes over how it will work:

https://www.youtube.com/watch?v=O-vpiUg2Ls8

Please take a look and let us know what you think!

photo
2

Great feature, thanks! Just watched the video.. Laurence has a very soothing voice too :D

photo
2

I like this new feature, but it's not the same as requested.

500 emails over the course of a day seems completely normal, 500 in an hour is not so much, that's why this request says "hour email limit" and not "daily threshold"

photo
1

Excellent news!

photo
1

finally ! wonderful feature !

photo
1

@Silent Ninja, that's a good point! I missed that the subject of the request specifically referenced an hourly alert. For now I've moved this back to 'Open Discussion', but there is some work that's planned for version 68 that might resolve this request. Once that work is in an EDGE build, I'll be back to give an update!

photo
1

Thanks Benny, again it's appreciated that a new form of alert is implemented :)

Nowadays I'm manually checking the logs for occurrences of the max defers / hourly limit errors to see which users attempted to send more than permitted, and they're usually either a newsletter or spam. Perhaps you could check that as well with this feature and notify when more than N errors have popped up from a certain domain.

photo
1

Why not make the time a configurable option in the tweak settings along with the number of allowed emails? For example, put a textbox with numeric value where the lines are:

Domains may send _____ number of emails per _____ hour(s).

This way, we can configure BOTH options as desired.

photo
1

@electric: That's certainly one option for version 68. We'll have to see where things land, and what the team is able to deliver.

photo
1

Yes, although a daily alert is better than nothing, a check against the domain's hourly limit would be ideal. And this limit mary vary from domain to domain. This would provide a more accurate method of detecting compromised accounts, and provide opportunity for the administrator to take faster action, as per @Silent Ninja's comment.

photo
1

Hi everyone, I have 'providing the email notification' on SWAT's backlog for v68.

@electric: Regarding your suggestion to make the time configurable as well, I will take into consideration as an iteration. We are working on another feature that might lay the ground work for that which might make adding it easier, but I'd say is a Nice to Have for now.

photo
photo
1

We want to be able to add this notification in version 68, but the scope of the feature needs to stay small. Currently, the feature would only include the ability to turn on/off notifications, and wouldn't include additional customizations (how often you would be notified, for example).

My question to you folks is: how often would you like to be notified, and would you still find it useful without that customization?

photo
3

Yes, still useful.

Notify us once per hour, for every hour a domain tries to send over their limit.

- Scott

photo
1

I agree with Scott - this would be really good in any form for now!

photo
1

Hourly notification would be better. That way we are instantly in the loop when a domain misbehaves

photo
1

I would consider this a useful addition providing the admin isn't barraged with email notifications. Notifications sent once an hour would be ideal.

photo
photo
3

@Kelli Grand,

Yes, I would definitely still find it useful without the customisation. Even a single notification when a domain tries to send over their per hour email limit in a 24hr window would satisfy. And at the very most, perhaps an email for every hour a domain tries to send over their limit.