Outbound spam prevention & reaction

Denis Beauchemin Denis.Beauchemin at USherbrooke.ca
Wed Dec 12 16:00:29 GMT 2007

Peter Farrow a écrit :
> Ugo Bellavance wrote:
>> Hi,
>>     I was wondering what you guys are doing to prevent outbound spam 
>> and react to it.
>>     I relay for a few IPs but I'm a little scared about having spams 
>> sent through my MS server that may get me listed on a DNSBL...  I 
>> could set a separate server for outbound so that I can tweak it 
>> differently...
>> I thought of:
>> To react:
>>     - Using the 'bounce' setting in MailScanner so that spam senders 
>> are notified (for false positives).  A "forward" rule could also be 
>> used to alert someone
>>     - Have a second quarantine report running to show quarantined 
>> outbound e-mails, per IP address, or something similar
>> However, SA is not as good at detecting spam when it is going 
>> outbound, so I thought we should enforce a strict throttling on all 
>> outbound IPs (connection rate & concurrent connections).
>>     If several spams are caught, what would be your reaction? Deny 
>> the relay or firewall them off?  Deny relay would mean that they 
>> would get DSNs when trying to send, and they would "loose" their 
>> e-mails"
>> To prevent:
>> Hum... I have no idea except to enforce strict firewalling and good 
>> sysadmin practices...
>> Any opinions?
> I run the maillog through a perl script that counts the number of 
> messages sent from any IP per minute when it reaches a threshold, they 
> are flagged as a spammer in real time and stopped...
> Ithen use a MS machine just to check for viruses etc outbound.
> P,
I do about the same thing using milter-limit (free).  My main servers 
get high limits but users get:
# Defaut
milter-limit-Connect:   50/1h

I set a lower limit for VPN and wireless users.

It does catch a few every day.

I also bounce spam back to the sender (just on my internal servers).  I 
bounce about a dozen each day.


Denis Beauchemin, analyste
Université de Sherbrooke, S.T.I.
T: 819.821.8000x62252 F: 819.821.8045

More information about the MailScanner mailing list