Outbound spam prevention & reaction
ugob at lubik.ca
Wed Dec 12 16:31:37 GMT 2007
Peter Farrow wrote:
> Ugo Bellavance wrote:
>> I was wondering what you guys are doing to prevent outbound spam
>> and react to it.
>> I relay for a few IPs but I'm a little scared about having spams
>> sent through my MS server that may get me listed on a DNSBL... I
>> could set a separate server for outbound so that I can tweak it
>> I thought of:
>> To react:
>> - Using the 'bounce' setting in MailScanner so that spam senders
>> are notified (for false positives). A "forward" rule could also be
>> used to alert someone
>> - Have a second quarantine report running to show quarantined
>> outbound e-mails, per IP address, or something similar
>> However, SA is not as good at detecting spam when it is going
>> outbound, so I thought we should enforce a strict throttling on all
>> outbound IPs (connection rate & concurrent connections).
>> If several spams are caught, what would be your reaction? Deny the
>> relay or firewall them off? Deny relay would mean that they would get
>> DSNs when trying to send, and they would "lose" their e-mails
>> To prevent:
>> Hum... I have no idea except to enforce strict firewalling and good
>> sysadmin practices...
>> Any opinions?
> I run the maillog through a perl script that counts the number of
> messages sent from any IP per minute when it reaches a threshold, they
> are flagged as a spammer in real time and stopped...
That sounds like a good idea... mind sharing your script?
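
The per-IP, per-minute counting described in the quoted reply could look like the following. This is an added example, not Peter Farrow's Perl script; it assumes sendmail-style `from=` log lines, and the function name, threshold value and sample lines are constructed for illustration.

```python
import re

# Assumption: sendmail-style syslog lines; only the inbound "from=" record is
# counted, so the remote relay on "to=" delivery records is ignored.
FROM_RE = re.compile(
    r"^(?P<minute>\w{3}\s+\d+ \d\d:\d\d):\d\d \S+ \S+\[\d+\]: \w+: from="
    r".*\brelay=[^\[]*\[(?P<ip>[^\]]+)\]"
)

def flag_senders(lines, threshold=5, allow=frozenset()):
    """Return {ip: minute} for each relay IP that sent at least `threshold`
    messages within one clock minute. Works on a stream (e.g. a tailed log)."""
    current = {}   # ip -> [minute, count]; only the latest minute is kept
    flagged = {}
    for line in lines:
        m = FROM_RE.match(line)
        if not m:
            continue
        ip, minute = m.group("ip"), m.group("minute")
        if ip in allow or ip in flagged:
            continue
        slot = current.setdefault(ip, [minute, 0])
        if slot[0] != minute:          # new minute: restart the counter
            slot[0], slot[1] = minute, 0
        slot[1] += 1
        if slot[1] >= threshold:
            flagged[ip] = minute       # hand off to a relay-deny or firewall step
    return flagged

def _line(ts, qid, ip):
    # Constructed sample record in the assumed format.
    return (f"Dec 12 {ts} mx sendmail[2211]: {qid}: from=<u@example.com>, "
            f"size=2048, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, "
            f"relay=host.example.net [{ip}]")

SAMPLE = (
    # six messages from one IP inside a single minute
    [_line(f"16:30:{s:02d}", f"lBCGUa{s:02d}", "192.0.2.10") for s in range(0, 60, 10)]
    # six messages from another IP, one per minute
    + [_line(f"16:3{m}:05", f"lBCGUb{m:02d}", "192.0.2.20") for m in range(6)]
    # outbound delivery record: relay= here is the remote MX, not a client
    + ["Dec 12 16:30:07 mx sendmail[2212]: lBCGUa00: to=<x@example.org>, "
       "delay=00:00:01, mailer=esmtp, relay=mx.example.org. [198.51.100.7], stat=Sent (ok)"]
)

if __name__ == "__main__":
    print(flag_senders(SAMPLE))
```

The `allow` set is where trusted relays that legitimately send in bursts (a mailing-list host, for instance) would be exempted.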