Filtering OutBound SPAM

Eduardo Casarero ecasarero at gmail.com
Wed Feb 4 15:38:01 GMT 2009


2009/2/4 Randal, Phil <prandal at herefordshire.gov.uk>

>  Whilst everything comes from the same IP (client's MTA), the Received
> headers should have the infected box's IP address.
>
> Give that/those a high score in spamassassin, and tell the client to clean
> their infected PCs
>
>

You mean manually check headers? And then add a high score?


> Cheers,
>
> Phil
> --
> Phil Randal | Networks Engineer
> Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services
> Division
> Thorn Office Centre, Rotherwas, Hereford, HR2 6JT
> Tel: 01432 260160
> email: prandal at herefordshire.gov.uk
>
>  ------------------------------
> *From:* mailscanner-bounces at lists.mailscanner.info [mailto:
> mailscanner-bounces at lists.mailscanner.info] *On Behalf Of *Eduardo
> Casarero
> *Sent:* 04 February 2009 15:22
> *To:* MailScanner discussion
> *Subject:* OT: Filtering OutBound SPAM
>
> Hi, I've a rare scenario with one of my customers and I thought that someone
> from here could give me some fresh(?) ideas.
>
> My client has its own MTA (which I don't manage, neither have access to
> logs, etc) and it sends all outbound traffic to my server that has
> (MScanner, SA, clamav, dcc, pyzor, razor, some custom rules, etc).
>
> The problem I've right now is that (I assume) some malware stole valid
> user/passwords to authenticate in the SMTP server of my client, so tons of
> spam are trying to get out to internet through my server.
>
> Although all anti-spam stuff seems to work, I need some new countermeasures
> to stop this at MailScanner stage (I can't do anything at MTA level because
> everything comes from the same IP).
>
> Any idea?
>
> something like my own checksum repository, or url blacklist, or header
> authentication matching, etc.
>
> Any help would be appreciated.
>
> Eduardo.
>
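
The suggestion quoted above (find the infected box's IP in the Received headers rather than checking each message by hand) can be automated over a sample of the outbound spam. The following is an added example, not part of the original thread; the relay address, host names and sample messages are constructed, and it assumes the client's MTA writes the submitting host as a bracketed IPv4 literal. Only the hop added by the client's MTA is trusted; anything below it is sender-controlled and is ignored.

```python
import re
from collections import Counter
from email import message_from_string

RELAY_IP = "192.0.2.10"  # constructed: the client's MTA as seen by the filtering server
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # "[a.b.c.d]" in a Received line

def submitting_ip(raw_message, relay_ip=RELAY_IP):
    """Return the IP that handed the message to the client's MTA.

    Received headers are prepended, so the first hop from the top whose
    source is neither the relay nor loopback is the one the client's MTA
    recorded. Lower hops may be forged and are never consulted.
    """
    msg = message_from_string(raw_message)
    for hop in msg.get_all("Received", []):
        m = IP_RE.search(hop)
        if m is None or m.group(1) == relay_ip or m.group(1).startswith("127."):
            continue
        return m.group(1)
    return None

def tally(messages, relay_ip=RELAY_IP):
    """Count spam samples per submitting IP, busiest first."""
    counts = Counter(submitting_ip(m, relay_ip) for m in messages)
    counts.pop(None, None)
    return counts.most_common()

def _sample(client_ip, forged=None):
    """Build a constructed message as relayed through the client's MTA."""
    hops = [
        "Received: from mta.client.example (mta.client.example [192.0.2.10])\n"
        "\tby filter.example.net with ESMTP; Wed, 4 Feb 2009 15:00:00 +0000",
        f"Received: from pc (unknown [{client_ip}])\n"
        "\tby mta.client.example with ESMTPA; Wed, 4 Feb 2009 14:59:58 +0000",
    ]
    if forged:  # a fake hop inserted by the spamming software
        hops.append(f"Received: from mail.invalid (mail.invalid [{forged}])\n"
                    "\tby mx.invalid; Wed, 4 Feb 2009 14:00:00 +0000")
    return "\n".join(hops) + "\nSubject: sample\n\nbody\n"

SAMPLES = [_sample("10.1.2.17"), _sample("10.1.2.17", forged="203.0.113.5"),
           _sample("10.1.2.40"), _sample("10.1.2.17")]

if __name__ == "__main__":
    for ip, n in tally(SAMPLES):
        print(f"{ip}\t{n} message(s)")
```

The addresses at the top of the tally are the ones to give a high score and to report to the client for cleanup.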