OT: Filtering OutBound SPAM

Ken A ka at pacific.net
Wed Feb 4 16:24:26 GMT 2009


Eduardo Casarero wrote:
> Hi, I've a rare scenario with one of my customers and I thought that someone
> from here could give me some fresh(?) ideas.
> 
> My client has its own MTA (which I don't manage, neither have access to
> logs, etc) and it sends all outbound traffic to my server that has
> (MScanner, SA, clamav, dcc, pyzor, razor, some custom rules, etc).
> 
> The problem I've right now is that (I assume) some malware stole valid
> user/passwords to authenticate in the smtp server of my client, so tons of
> spam are trying to get out to internet through my server.
> 
> Although all anti-spam stuff seems to work, I need some new countermeasures
> to stop this at MailScanner stage (I can't do anything at MTA level because
> everything comes from the same ip).
> 
> Any idea?
> 
> something like my own checksum repository, or url blacklist, or header
> authentication matching, etc.
> 
> Any help would be appreciated.
> 
> Eduardo.
> 
> 

I've got a customer doing nearly the same thing. They host their site 
with another company, and we do mail. Their web host allows mail TO 
their domain, from the Internet at the web server, even though they are 
not a valid MX for the domain, and they do no filtering on this mail.

So, spammers, who love this sort of thing, attack the domain and it 
flows to our MX servers as 95% spam, all from a valid IP. Their web host 
asked them to set up outgoing mail in Outlook through the same server, so 
we can't just block the IP. :-(

We block most of it with milters. (milter-link milter-regex)
MailScanner gets most of what's left.

Ken


