Outbound spam prevention & reaction

R Wahyudi rwahyudi at gmail.com
Thu Dec 13 02:37:50 GMT 2007 

Im running mail server for ISP. We use separate server for incoming and 
outgoing mail server and postfix as our MTA.

We set our outgoing MTA with following restriction when they are not 
authenticated :

   1.
      Within 10 minutes , client can make  20 connection to our server 
   2.
      Within 10 minutes , user can send email(s) with a maximum of 150
      recipients.
   3.
      In 1 connection, user can include up to 150 recipients.

When user hit this limit we give them SMTP error with link to a website 
which show them
what this error message means and instruction on how to setup smtp auth 
if they want to send large quantity of email.

Authenticated user have far less restriction compared to non 
authenticated user.

All outgoing mail scanned by MailScanner with customized SA rules.
Basically we disable all RBL based check and few rules that trigger 
false positive.
Increase URIBL / SURBL scoring so it reach high scoring spam & increase 
razor score.

We use MailWatch to log email transaction details to MySQL database and 
we create
a script to find IP addresses that send more than 5 spam/virus in 30 
minutes.
We blacklist these offender at SMTP level for 2 hour.

The SMTP rejection error message contain URL asking them to go our spam 
report website.
When user go to this website, we get their origin IP address and provide 
them explanation on why they get blacklisted,
status if they are still on the blacklist, and also a list of Spam/Virus 
originated from their IP adress in the last 24 hour.
They can request immediate removal ( maximum 3 times before 24 hour ban ).

If user continuously spamming/sending virus for 7 days we generate email 
threatening to lock their DSL/dialup account they dont stop.
User that continuously spamming/sending virus for 1 week after we sent 
the letter will get lock.



Regards,
Rianto Wahyudi












-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071213/db1ac436/attachment.html

More information about the MailScanner mailing list