Development of the Automated Alert System for Detection and Handling of Compromised Email Accounts

Authors

  • Arthur S. Petrosyan, Institute for Informatics and Automation Problems of NAS RA
  • Gurgen S. Petrosyan, Institute for Informatics and Automation Problems of NAS RA
  • Robert N. Tadevosyan, Institute for Informatics and Automation Problems of NAS RA

DOI:

https://doi.org/10.51408/1963-0140

Keywords:

Email, SPAM, Alert system, Telegram bot

Abstract

With the increasing volume of email-based attacks and unauthorized access to mail servers, the need for automated monitoring and response mechanisms has become essential. This paper presents the development of an automated alert system designed to detect and handle compromised email accounts. The system monitors the mail server queue on a Linux server, detecting anomalies based on a significant surge in queued messages. Upon identifying suspicious activity, the system attempts to determine the username associated with the highest number of SASL authentications and triggers appropriate alerts or mitigation actions. Additionally, the system is integrated with a Telegram bot, allowing administrators to take immediate corrective actions remotely. This approach provides a lightweight, effective method for preventing email abuse and ensuring the integrity of email servers.
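
The detection step the abstract describes (queue surge, then the account with the most SASL authentications) can be sketched as follows. This is an added example, not the authors' code. It assumes a Postfix server, reading the summary line of `postqueue -p` and the `sasl_username=` field of smtpd log lines; the thresholds, function names and sample data are hypothetical.

```python
import re
from collections import Counter

# Constructed sample input (not from the paper): smtpd log lines and queue summary.
SAMPLE_LOG = """\
Dec  1 10:00:01 mx postfix/smtpd[2101]: 4A1B2C: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=alice@example.org
Dec  1 10:00:02 mx postfix/smtpd[2102]: 4A1B2D: client=unknown[203.0.113.9], sasl_method=PLAIN, sasl_username=bob@example.org
Dec  1 10:00:02 mx postfix/smtpd[2103]: 4A1B2E: client=unknown[203.0.113.9], sasl_method=PLAIN, sasl_username=bob@example.org
Dec  1 10:00:03 mx postfix/smtpd[2104]: 4A1B2F: client=unknown[203.0.113.9], sasl_method=PLAIN, sasl_username=bob@example.org
Dec  1 10:00:03 mx postfix/smtpd[2105]: 4A1B30: client=unknown[203.0.113.9], sasl_method=PLAIN, sasl_username=bob@example.org
Dec  1 10:00:04 mx postfix/smtpd[2106]: 4A1B31: client=unknown[192.0.2.44], sasl_method=LOGIN, sasl_username=carol@example.org
"""
SAMPLE_QUEUE = "-- 8421 Kbytes in 1375 Requests.\n"

SASL_RE = re.compile(r"sasl_username=([^\s,]+)")
QUEUE_RE = re.compile(r"^-- \d+ Kbytes in (\d+) Requests?\.$", re.M)

def queue_size(postqueue_output):
    """Return the number of queued messages from `postqueue -p` output."""
    if "Mail queue is empty" in postqueue_output:
        return 0
    match = QUEUE_RE.search(postqueue_output)
    if match is None:
        raise ValueError("no queue summary line found")
    return int(match.group(1))

def is_surge(current, baseline, factor=5, floor=200):
    """Hypothetical rule: queue is above a floor and several times the baseline."""
    return current >= floor and current >= factor * max(baseline, 1)

def top_sasl_user(log_text):
    """Return (username, count) for the most frequent SASL login, or None."""
    counts = Counter(SASL_RE.findall(log_text))
    return counts.most_common(1)[0] if counts else None

def evaluate(postqueue_output, baseline, log_text):
    """Return an alert dict when the queue surges, otherwise None."""
    size = queue_size(postqueue_output)
    if not is_surge(size, baseline):
        return None
    top = top_sasl_user(log_text)
    user, auths = top if top else (None, 0)  # a surge with no SASL logins still alerts
    return {"queue": size, "user": user, "auths": auths}

if __name__ == "__main__":
    print(evaluate(SAMPLE_QUEUE, baseline=40, log_text=SAMPLE_LOG))
```

The returned dictionary is what an alerting layer, such as the Telegram bot mentioned in the abstract, would forward to the administrator.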

Published

2025-12-01

How to Cite

Petrosyan, A. S., Petrosyan, G. S., & Tadevosyan, R. N. (2025). Development of the Automated Alert System for Detection and Handling of Compromised Email Accounts. Mathematical Problems of Computer Science, 64, 56–65. https://doi.org/10.51408/1963-0140
