New wiki page
Steve Freegard
steve.freegard at fsl.com
Wed Jul 1 16:05:05 IST 2009
Alex Neuman wrote:
>
>
> On Wed, Jul 1, 2009 at 8:45 AM, Jason Ede <J.Ede at birchenallhowden.co.uk
> <mailto:J.Ede at birchenallhowden.co.uk>> wrote:
>
>
>
> What happens if you get a mass mailer worm on your network or a
> compromised computer that starts churning out spam? Far more red
> faces that way.
>
> Jason
> --
>
>
> Specially if it lands your ip or netblock on several RBL's and people
> start rejecting your e-mail.
Or worse; local blacklists or delaylists at the likes of Hotmail, Yahoo
or AOL etc.
At least with a public listing you can easily find out about it and take
action to get delisted; with local blacklists or delaylists you'll have
to learn about this issue from your users or built-up queues and then
take up the issue with each postmaster.
Personally; I'm not keen on using MailScanner for outbound scanning as
quarantining outbound mail is a real pain to manage and you certainly
don't want to have any 'delete' actions etc. so doing everything at the
SMTP phase (e.g. with a milter or proxy) is much better and easier to
manage (in the event of an FP the sender gets a DSN immediately and can
modify their message). SA also needs to be treated differently for
outbound; I prefer using the same bayes database as inbound, but
boosting considerably the scores of IXHASH, DCC_CHECK, URIBL_* and
SOUGHT to prevent compromised machines/accounts from sending any junk out.
Cheers,
Steve.
More information about the MailScanner
mailing list