Outbound spam prevention & reaction

Peter Farrow peter at farrows.org
Wed Dec 12 15:46:17 GMT 2007


Ugo Bellavance wrote:
> Hi,
>
>     I was wondering what you guys are doing to prevent outbound spam 
> and react to it.
>
>     I relay for a few IPs but I'm a little scared about having spams 
> sent through my MS server that may get me listed on a DNSBL...  I 
> could set a separate server for outbound so that I can tweak it 
> differently...
>
> I thought of:
> To react:
>
>     - Using the 'bounce' setting in MailScanner so that spam senders 
> are notified (for false positives).  A "forward" rule could also be 
> used to alert someone
>
>     - Have a second quarantine report running to show quarantined 
> outbound e-mails, per IP address, or something similar
>
> However, SA is not as good at detecting spam when it is going 
> outbound, so I thought we should enforce a strict throttling on all 
> outbound IPs (connection rate & concurrent connections).
>
>     If several spams are caught, what would be your reaction? Deny the 
> relay or firewall them off?  Deny relay would mean that they would get 
> DSNs when trying to send, and they would "lose" their e-mails
>
> To prevent:
>
> Hum... I have no idea except to enforce strict firewalling and good 
> sysadmin practices...
>
> Any opinions?
>
I run the maillog through a Perl script that counts the number of 
messages sent from any IP per minute; when it reaches a threshold, they 
are flagged as a spammer in real time and stopped...

I then use a MS machine just to check for viruses etc. outbound.
P,


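The per-IP, per-minute counting described in the reply above, as an added example that is not the poster's script. It assumes Postfix-style `smtpd` log lines (one `client=host[ip]` line per accepted message) and a threshold of 5; the sample log lines are constructed, and the blocking action is left out because the post does not say how senders are stopped.

```perl
#!/usr/bin/perl
# Added example: flag relay clients that reach a per-minute message threshold.
use strict;
use warnings;

my $THRESHOLD = 5;    # assumed limit: accepted messages per IP per calendar minute

# Assumed Postfix smtpd format; captures "Mon DD HH:MM" and the client IP.
my $ACCEPT_RE = qr{^(\w{3}\s+\d+\s+\d\d:\d\d):\d\d\s+\S+\s+postfix/smtpd\[\d+\]:\s+\w+:\s+client=\S*\[([0-9a-fA-F.:]+)\]};

# Returns [ip, minute, count] for each IP, once, at the moment it reaches
# the threshold. Only the current minute is kept per IP, so memory stays
# bounded when the lines come from a live log tail.
sub find_senders_over_threshold {
    my ($lines, $threshold) = @_;
    my (%minute_of, %count, %flagged, @hits);
    for my $line (@$lines) {
        next unless $line =~ $ACCEPT_RE;
        my ($minute, $ip) = ($1, $2);
        if (($minute_of{$ip} // '') ne $minute) {    # new minute: restart the count
            $minute_of{$ip} = $minute;
            $count{$ip}     = 0;
        }
        my $n = ++$count{$ip};
        push @hits, [$ip, $minute, $n] if $n >= $threshold && !$flagged{$ip}++;
    }
    return @hits;
}

# Constructed sample: six messages from one IP inside one minute, and a
# second IP sending one message in each of two different minutes.
my @sample = (
    (map { sprintf 'Dec 12 15:40:%02d mx postfix/smtpd[2101]: %05X: client=unknown[192.0.2.10]',
                   $_ * 7, 0xA1000 + $_ } 1 .. 6),
    'Dec 12 15:40:12 mx postfix/smtpd[2102]: B2001: client=mail.example.org[198.51.100.7]',
    'Dec 12 15:41:30 mx postfix/smtpd[2102]: B2002: client=mail.example.org[198.51.100.7]',
);

for my $hit (find_senders_over_threshold(\@sample, $THRESHOLD)) {
    printf "FLAG %s: %d messages in minute '%s'\n", @$hit[0, 2, 1];
}
```

Calendar-minute buckets miss a burst that straddles a minute boundary; a sliding window over parsed timestamps closes that gap at the cost of keeping recent timestamps per IP.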

