Outbound spam prevention & reaction

Ugo Bellavance ugob at lubik.ca
Wed Dec 12 16:31:37 GMT 2007

Peter Farrow wrote:
> Ugo Bellavance wrote:
>> Hi,
>>     I was wondering what you guys are doing to prevent outbound spam 
>> and react to it.
>>     I relay for a few IPs but I'm a little scared about having spams 
>> sent through my MS server that may get me listed on a DNSBL...  I 
>> could set a separate server for outbound so that I can tweak it 
>> differently...
>> I thought of:
>> To react:
>>     - Using the 'bounce' setting in MailScanner so that spam senders 
>> are notified (for false positives).  A "forward" rule could also be 
>> used to alert someone
>>     - Have a second quarantine report running to show quarantined 
>> outbound e-mails, per IP address, or something similar
>> However, SA is not as good at detecting spam when it is going 
>> outbound, so I thought we should enforce a strict throttling on all 
>> outbound IPs (connection rate & concurrent connections).
>>     If several spams are caught, what would be your reaction? Deny the 
>> relay or firewall them off?  Deny relay would mean that they would get 
>> DSNs when trying to send, and they would "loose" their e-mails"
>> To prevent:
>> Hum... I have no idea except to enforce strict firewalling and good 
>> sysadmin practices...
>> Any opinions?
> I run the maillog through a perl script that counts the number of 
> messages sent from any IP per minute when it reaches a threshold, they 
> are flagged as a spammer in real time and stopped...

That sounds like a good idea... mind sharing your script?



More information about the MailScanner mailing list