Outbound spam prevention & reaction
Ugo Bellavance
ugob at lubik.ca
Wed Dec 12 16:31:37 GMT 2007
Peter Farrow wrote:
> Ugo Bellavance wrote:
>> Hi,
>>
>> I was wondering what you guys are doing to prevent outbound spam
>> and react to it.
>>
>> I relay for a few IPs but I'm a little scared about having spams
>> sent through my MS server that may get me listed on a DNSBL... I
>> could set a separate server for outbound so that I can tweak it
>> differently...
>>
>> I thought of:
>> To react:
>>
>> - Using the 'bounce' setting in MailScanner so that spam senders
>> are notified (for false positives). A "forward" rule could also be
>> used to alert someone
>>
>> - Have a second quarantine report running to show quarantined
>> outbound e-mails, per IP address, or something similar
>>
>> However, SA is not as good at detecting spam when it is going
>> outbound, so I thought we should enforce a strict throttling on all
>> outbound IPs (connection rate & concurrent connections).
>>
>> If several spams are caught, what would be your reaction? Deny the
>> relay or firewall them off? Deny relay would mean that they would get
>> DSNs when trying to send, and they would "lose" their e-mails.
>>
>> To prevent:
>>
>> Hum... I have no idea except to enforce strict firewalling and good
>> sysadmin practices...
>>
>> Any opinions?
>>
> I run the maillog through a Perl script that counts the number of
> messages sent from any IP per minute; when it reaches a threshold, they
> are flagged as a spammer in real time and stopped...
>
That sounds like a good idea... mind sharing your script?
Regards,
Ugo
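
An added illustration of the per-IP rate counting described in the quoted reply; it is not Peter's script and is written in Python rather than Perl. It assumes Postfix-style smtpd "client=" log lines, a threshold of 5 messages in a sliding 60-second window, and a constructed sample log; it only flags the IP and leaves the blocking action out.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: Postfix smtpd "client=" lines, one per accepted message.
CLIENT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/smtpd\[\d+\]:\s"
    r"[0-9A-F]+:\sclient=\S*\[(?P<ip>[0-9a-fA-F.:]+)\]"
)

def find_fast_senders(lines, threshold=5, window=timedelta(seconds=60), year=2007):
    """Return {ip: time the threshold was first reached} for chronological log lines."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = CLIENT_RE.match(line)
        if not m:
            continue              # not a message-accepted line
        # Syslog timestamps carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] >= window:    # drop entries older than the window
            q.popleft()
        if len(q) >= threshold and m["ip"] not in flagged:
            flagged[m["ip"]] = ts
    return flagged

# Constructed sample log: 192.0.2.10 sends six messages in 25 seconds,
# 192.0.2.20 sends three messages spread over three minutes.
SAMPLE_LOG = [
    f"Dec 12 16:30:{s:02d} mx1 postfix/smtpd[2101]: 4A1B{s:02X}C0DE: "
    f"client=pc7.example.net[192.0.2.10]"
    for s in range(0, 30, 5)
] + [
    "Dec 12 16:30:02 mx1 postfix/smtpd[2102]: 7F00AA11BB: client=mail.example.org[192.0.2.20]",
    "Dec 12 16:30:03 mx1 postfix/cleanup[2110]: 7F00AA11BB: message-id=<constructed@example.org>",
    "Dec 12 16:31:40 mx1 postfix/smtpd[2102]: 7F00AA22CC: client=mail.example.org[192.0.2.20]",
    "Dec 12 16:33:05 mx1 postfix/smtpd[2102]: 7F00AA33DD: client=mail.example.org[192.0.2.20]",
]

if __name__ == "__main__":
    for ip, when in find_fast_senders(SAMPLE_LOG).items():
        print(f"{ip} reached the threshold at {when}")
```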