Outbound scanning checklist
Dhawal Doshy
dhawal at netmagicsolutions.com
Tue Nov 7 16:11:05 GMT 2006
Ugo Bellavance wrote:
> Hi,
>
> I will start filtering outbound traffic soon, and here is my
> checklist, to share with you guys, and if someone has something to add,
> I'd be glad to add it. I'll post it on the wiki afterwards.
>
>
>
> 1- Get the list of IP addresses from which we'll receive outgoing e-mails
>
> 2- Allow relaying for these IP addresses
>
> 3- Disable DNSBL checks for theses IP addresses (if necessary)
>
> 4- Make sure your RDNS matches your HELO and that there is an A record
> that matches the RDNS, matching the IP address
>
> 5- Check the SPF records for domains that will be used outbound
>
> 6- Create ruleset as desired/needed: filetype, filenaye, spam checks
> (and always include SA report), content, virus
>
> Did I forget anything?
7. smtp-auth (preferably over SSL)
8. prevent id spoofing over smtp-auth
9. volume / rate based throttling for authenticated users
10. also server side DK/DKIM signing
More information about the MailScanner
mailing list