Outbound spam prevention & reaction

Ugo Bellavance ugob at lubik.ca
Wed Dec 12 15:30:04 GMT 2007


	I was wondering what you guys are doing to prevent outbound spam and 
react to it.

	I relay for a few IPs but I'm a little scared about having spams sent 
through my MS server that may get me listed on a DNSBL...  I could set a 
separate server for outbound so that I can tweak it differently...

I thought of:
To react:

	- Using the 'bounce' setting in MailScanner so that spam senders are 
notified (for false positives).  A "forward" rule could also be used to 
alert someone

	- Have a second quarantine report running to show quarantined outbound 
e-mails, per IP address, or something similar

However, SA is not as good at detecting spam when it is going outbound, 
so I thought we should enforce a strict throttling on all outbound IPs 
(connection rate & concurrent connections).

	If several spams are caught, what would be your reaction? Deny the 
relay or firewall them off?  Deny relay would mean that they would get 
DSNs when trying to send, and they would "loose" their e-mails"

To prevent:

Hum... I have no idea except to enforce strict firewalling and good 
sysadmin practices...

Any opinions?

More information about the MailScanner mailing list