mailscanner in ISP

Leonardo Helman mailscanner at lists.com.ar
Thu Aug 7 18:39:23 IST 2008


The blacklists are (usually) not very effective
for the outbound spam (IMHO).

They are your own clients, they are paying for that,
that is, if you don't have an open relay, and they can't
send mails directly outside your outbound MTA,
or something like that, the output IP will be the output
of your own MTA, and all your clients will have a typical
dynamic ip address (that will eventually change between them),
so if you blacklist by an external dynamic ip blacklist, you will
be blacklisting (eventually) the wrong customers.

Here the problem, I think, is a legal problem, what are
the conditions that the client paid for, and with that
what you can do to stop them (some ISPs are unwilling to
ratelimit or things like that).

My first choice would be to set a rate for the outgoing
mail, so the clients shouldn't spam enough.

That's not always feasible, think big customers without
IP/MTA, they will send all their "internal communications"
by your MTA.



So I think my order would be ratelimit, spamtraps, and a well-trained
(rules and/or bayes) spamassassin, lots of scripts to automatically add
internal IPs to own blacklists.






On Thu, 2008-08-07 at 15:33 +0100, Julian Field wrote:
> 
> Paulo Roncon wrote:
> > Hello all,
> >
> > I work in an ISP and we want to install mailscanner to stop OUTBOUND spam as it's becoming a bottleneck...
> > I don't have any network metrics, as the guy in charge is out. I'm thinking 1000000 plus messages/day.
> >
> > Questions:
> > -Anyone has ideas of the kind of HW solution needed?
> > -OUTBOUND filtering: It's gonna be *->*. Do you see any problems?
> > -Which is the fastest configuration possible?
> > -What pieces of SW should I install (AV, Pyzor, etc,etc)?. I'm aiming to speed and to block about 85% of spam. I'm not aiming at near 100% spam free...
> >   
> I would start with some blacklists at your MTA, such as spamhaus-ZEN. 
> You would be better off putting this into your MTA so you don't accept 
> connections from botnet hosts in the first place.
> ClamAV with the sanesecurity.co.uk additional signatures will be fast too.
> 
> Jules
> 
> -- 
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> 
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
> 
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> 
> 
> 
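
Added example, not part of the original thread: a minimal sketch of the "ratelimit, then automatically add internal IPs to your own blacklist" idea from the reply above. The class name, the limits, the expiring block entry (so a reassigned dynamic address does not penalise the next customer) and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

LIMIT = 5        # max recipients per window (assumed policy value)
WINDOW = 60      # sliding window in seconds (assumed)
BLOCK_TTL = 300  # block lifetime in seconds; assumed shorter than the DHCP lease


class OutboundLimiter:
    """Per-client sliding-window recipient counter with an expiring local blocklist."""

    def __init__(self, limit=LIMIT, window=WINDOW, ttl=BLOCK_TTL):
        self.limit, self.window, self.ttl = limit, window, ttl
        self.sent = defaultdict(deque)  # client ip -> deque of (timestamp, recipients)
        self.blocked_until = {}         # client ip -> block expiry timestamp

    def check(self, ts, ip, rcpts):
        """Return 'accept', 'reject' (already listed) or 'block' (newly listed)."""
        expiry = self.blocked_until.get(ip)
        if expiry is not None:
            if ts < expiry:
                return "reject"
            # Entry expired: the address may belong to another customer now,
            # so forget both the block and the old sending history.
            del self.blocked_until[ip]
            self.sent.pop(ip, None)
        history = self.sent[ip]
        while history and history[0][0] <= ts - self.window:
            history.popleft()           # drop events older than the window
        history.append((ts, rcpts))
        if sum(n for _, n in history) > self.limit:
            self.blocked_until[ip] = ts + self.ttl
            return "block"
        return "accept"


# Constructed sample events: (seconds, internal client ip, recipient count).
EVENTS = [
    (0, "10.0.0.5", 2),
    (10, "10.0.0.5", 2),
    (20, "10.0.0.9", 1),
    (30, "10.0.0.5", 3),   # 7 recipients inside 60 s: listed until t=330
    (40, "10.0.0.5", 1),   # still listed
    (100, "10.0.0.9", 1),
    (400, "10.0.0.5", 1),  # entry expired, address treated as fresh
]


def replay(events):
    limiter = OutboundLimiter()
    return [limiter.check(ts, ip, rcpts) for ts, ip, rcpts in events]
```

In a real deployment the events would come from the MTA's policy hook or log stream, and keying on the authenticated account instead of the IP avoids the reassignment problem altogether.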


