HCL Notes and Domino 9.0 Social Edition Forum - How to protect iNotes against bulk POSTs from spammers?

This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal

Share ▼
Subscribe ▼

~Anita Nimponezenynds

May 11, 2015, 2:00 PM

3 Posts

How to protect iNotes against bulk POSTs from spammers?

Category: iNotes
Platform: Windows
Release: 9.0.1
Role: Administrator,Developer
Tags:
Replies: 2

Sometimes, accounts get hacked (likely by phishing mails) and more and more, spam-senders know how to post new email to the iNotes server.

In the http log i see loads of requests like:

"POST /mail/username.nsf/($Inbox)/$new/?EditDocument&Form=h_PageUI&PresetFields=h_EditAction;h_ShimmerEdit,s_ViewName;($Inbox),s_NotesForm;Memo&ui=dwa_form HTTP/1.1" etc.

folowed by:

"POST /mail/username.nsf/iNotes/Proxy/?EditDocument&Form=s_ValidationJson HTTP/1.1" etc.

For the server, this might look like normal user-behavior, but sending hundreds of emails per minute is not normal. So my question:

Is there a way to limit the number of emails which are sent per time-unit and/or launch a signal when such an abnormal rate occurs?

The outgoing spam filter will limit the rate to 500 mails/hour but i prefer to block the stuff at the front door.

Thanks

Roel

~Frank Umtumioni

May 11, 2015, 7:44 PM

11 Posts

Can you provide more details?

Hello Roel,

I'm not sure I understood how the exploit happens and if it is an iNotes vulnerability that should be addressed accordingly.

Would you please provide more details about what you see both in the logs or in the user interface?

Thank you!

Edson Luis Almeida Viana

~Alexis Quetjipyter

May 12, 2015, 6:26 PM

46 Posts

Change the internet password

You can change the Internet Password for the affected user and spammers will no longer be able to use that hacked account.

And maybe you should check your security configuration if this is a recurrent problem for you. Your users accounts should not be hacked as a regular basis.

If your users are negligent about their passwords, you may want to set up password expiration so they'll be forced to change it after a certain period of time.

Share ▼
Subscribe ▼