How do others do it?

Tue Dec 5 19:35:03 GMT 2006

Chandler, Jay spake the following on 12/5/2006 11:17 AM:
> Scott Silva wrote:
>> Chandler, Jay spake the following on 12/5/2006 10:05 AM:
>>> I'm three months into the mail management duties, and I've taken the
>>> university from a kludged together implementation of SpamAssassin to
>>> running on MailScanner for inbound.
>>>
>>> Now I'm preparing to tackle the task of setting up Mailscanner
>>> outbound. 
>>>
>>> Obviously I want virus scanning enabled, but how do most of you
>>> handle the spam scanning issue?  Do you tag and pass, do you not
>>> scan at all, or some other option? 
>>>
>> If students will be accessing the mail system, then I would hold them
>> to the same standards that you apply to incoming mail. Students are
>> notorious for doing things "they aren't supposed to do". You can
>> whitelist any administration people that need to be.   
> 
> Unfortunately, we're in a position where there are close to 2000 staff
> members who'll be using it-- two boxes handle the entire outbound load
> for everything, be it our webmail, exchange server traffic, and (since
> we disabled port 25 outbound a couple months back) any SMTP traffic
> whatsoever that leaves our network.
> 
> I do realize that if I start flagging departmental messages as spam,
> I'll catch hell, so how have others balanced the greater good of society
> with the needs of their local institutions?
> 
> 
That is a touchy situation. You will have to try and balance the needs and
desires of the staff with the possibility of your servers getting blacklisted
if someone gets infected with a spambot. The likelyhood of any spambots
actually going through your servers is less of a problem, so if you can block
any mail traffic that doesn't go through your servers, you will be way ahead.

One way is to limit access to outside mail accounts except through webmail or
VPN. That will let the occasional outsider on your network like guest speakers
or service personnel to get out. I scan internal mail, but whitelist the
"important" people, like my boss, and her boss, and anybody deemed to be in
the "executive" level. Everyone else needs to be held accountable for what
they send.
You can just tag it, or add a header and track it. You don't necessarily have
to alter the messages. With an addon like Mailwatch, you can whitelist
internal mail, but still add the spam scores so you can track if anybody is
abusing the e-mail, or just tends to send spammy looking mail like ALL CAPS or
lots of blue or red text. Then you can politely help them so other servers
don't see them as spam.

-- 

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!