Outbound spam prevention & reaction
peter at farrows.org
Wed Dec 12 15:46:17 GMT 2007
Ugo Bellavance wrote:
> I was wondering what you guys are doing to prevent outbound spam
> and react to it.
> I relay for a few IPs but I'm a little scared about having spams
> sent through my MS server that may get me listed on a DNSBL... I
> could set a separate server for outbound so that I can tweak it
> I thought of:
> To react:
> - Using the 'bounce' setting in MailScanner so that spam senders
> are notified (for false positives). A "forward" rule could also be
> used to alert someone
> - Have a second quarantine report running to show quarantined
> outbound e-mails, per IP address, or something similar
> However, SA is not as good at detecting spam when it is going
> outbound, so I thought we should enforce a strict throttling on all
> outbound IPs (connection rate & concurrent connections).
> If several spams are caught, what would be your reaction? Deny the
> relay or firewall them off? Deny relay would mean that they would get
> DSNs when trying to send, and they would "lose" their e-mails
> To prevent:
> Hum... I have no idea except to enforce strict firewalling and good
> sysadmin practices...
> Any opinions?
I run the maillog through a Perl script that counts the number of
messages sent from any IP per minute; when it reaches a threshold, they
are flagged as a spammer in real time and stopped...
I then use a MS machine just to check for viruses etc. outbound.
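The per-IP, per-minute counting described in the reply above can be sketched as follows. This is an added example in Python, not the poster's Perl script; the Postfix `smtpd` log line shape, the threshold of 5, the fixed year and the sample lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line shape (Postfix smtpd):
#   "<syslog time> host postfix/smtpd[pid]: QUEUEID: client=name[ip]"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+postfix/smtpd\[\d+\]:\s+"
    r"[0-9A-F]+:\s+client=\S*\[(?P<ip>[0-9a-fA-F.:]+)\]"
)

def find_flooders(lines, threshold=5, window=timedelta(seconds=60), year=2007):
    """Return {ip: time first flagged} for every client IP that submits
    `threshold` or more messages inside any sliding `window`.
    Syslog timestamps carry no year, so `year` is supplied by the caller."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # not a message-accepted line, ignore it
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(when)
        # Drop entries that have aged out of the window.
        while when - q[0] >= window:
            q.popleft()
        if len(q) >= threshold and m["ip"] not in flagged:
            flagged[m["ip"]] = when   # hook a relay-deny or alert action here
    return flagged

# Constructed sample log: 192.0.2.10 sends 6 messages in 50 seconds,
# 192.0.2.20 sends 3 messages two minutes apart.
_burst = [f"Dec 12 15:40:{s:02d} mx1 postfix/smtpd[2101]: 4F2A1{s:02X}: "
          "client=unknown[192.0.2.10]" for s in (0, 10, 20, 30, 40, 50)]
_slow = [f"Dec 12 15:{m:02d}:05 mx1 postfix/smtpd[2102]: 5A0B2{m:02X}: "
         "client=office.example[192.0.2.20]" for m in (40, 42, 44)]
SAMPLE = sorted(_burst + _slow) + [
    "Dec 12 15:45:00 mx1 postfix/qmgr[900]: 5A0B22C: removed",
]

if __name__ == "__main__":
    for ip, when in find_flooders(SAMPLE).items():
        print(f"{ip} flagged at {when:%H:%M:%S}")
```

To react in real time, as the reply describes, feed the function a generator that follows the live log instead of a list. The sliding window assumes each IP's lines arrive in time order, which holds for a single syslog file.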