Outbound spam prevention & reaction
Denis.Beauchemin at USherbrooke.ca
Wed Dec 12 16:00:29 GMT 2007
Peter Farrow wrote:
> Ugo Bellavance wrote:
>> I was wondering what you guys are doing to prevent outbound spam
>> and react to it.
>> I relay for a few IPs but I'm a little scared about having spams
>> sent through my MS server that may get me listed on a DNSBL... I
>> could set a separate server for outbound so that I can tweak it
>> I thought of:
>> To react:
>> - Using the 'bounce' setting in MailScanner so that spam senders
>> are notified (for false positives). A "forward" rule could also be
>> used to alert someone
>> - Have a second quarantine report running to show quarantined
>> outbound e-mails, per IP address, or something similar
>> However, SA is not as good at detecting spam when it is going
>> outbound, so I thought we should enforce a strict throttling on all
>> outbound IPs (connection rate & concurrent connections).
>> If several spams are caught, what would be your reaction? Deny
>> the relay or firewall them off? Deny relay would mean that they
>> would get DSNs when trying to send, and they would "lose" their
>> To prevent:
>> Hum... I have no idea except to enforce strict firewalling and good
>> sysadmin practices...
>> Any opinions?
> I run the maillog through a Perl script that counts the number of
> messages sent from any IP per minute; when it reaches a threshold, they
> are flagged as a spammer in real time and stopped...
> I then use a MS machine just to check for viruses etc. outbound.
I do about the same thing using milter-limit (free). My main servers
get high limits but users get:
I set a lower limit for VPN and wireless users.
It does catch a few every day.
I also bounce spam back to the sender (just on my internal servers). I
bounce about a dozen each day.
Denis Beauchemin, analyste
Université de Sherbrooke, S.T.I.
T: 819.821.8000x62252 F: 819.821.8045
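
The per-IP, per-minute maillog counting described in the quoted reply, as an added example (not the Perl script mentioned above, and not code from either poster). It assumes sendmail-style `from=` log entries; the function names, the threshold and the sample lines are constructed for illustration.

```python
import re
from datetime import datetime

# Assumed sendmail-style "from=" entry; adapt the pattern to your MTA's maillog.
# Anchoring on "from=" skips "to=" entries, whose relay= is the destination host.
FROM_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s\S+\[\d+\]:\s\S+:\s"
    r"from=.*?relay=[^\[]*\[(?P<ip>[0-9A-Fa-f.:]+)\]"
)

def flag_senders(lines, threshold, year=2007):
    """Return {ip: minute} for each IP that sent more than `threshold`
    messages within one clock minute (syslog lines carry no year)."""
    current = {}   # ip -> [minute, count]; lines must be in time order
    flagged = {}
    for line in lines:
        m = FROM_LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        minute, ip = ts.replace(second=0), m["ip"]
        slot = current.setdefault(ip, [minute, 0])
        if slot[0] != minute:          # new minute: restart this IP's counter
            slot[0], slot[1] = minute, 0
        slot[1] += 1
        if slot[1] > threshold:
            flagged.setdefault(ip, minute)
    return flagged

def sample_log():
    """Constructed log lines (documentation IP ranges), not real traffic."""
    def frm(t, ip, n):
        return (f"Dec 12 {t} mx1 sendmail[4242]: lBCFw{n:04d}: from=<u@example.org>, "
                f"size=2048, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[{ip}]")
    lines = [frm(f"15:58:0{s}", "192.0.2.10", s) for s in range(6)]        # burst
    lines += [frm(f"15:58:1{s}", "192.0.2.20", 10 + s) for s in range(5)]  # at limit
    lines.append("Dec 12 15:58:16 mx1 sendmail[4243]: lBCFw0010: to=<x@example.net>, "
                 "mailer=esmtp, relay=mail.example.net. [192.0.2.20], stat=Sent")
    lines += [frm(f"15:58:5{s}", "192.0.2.30", 20 + s) for s in (7, 8, 9)] # spans the
    lines += [frm(f"15:59:0{s}", "192.0.2.30", 30 + s) for s in range(3)]  # minute edge
    return lines

if __name__ == "__main__":
    for ip, minute in flag_senders(sample_log(), threshold=5).items():
        print(f"{minute:%b %d %H:%M} {ip} exceeded 5 msgs/min")
```

With fixed clock-minute buckets, the constructed 192.0.2.30 sender (six messages in six seconds across a minute boundary) stays under the limit; a sliding window would be needed to catch that pattern.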