New wiki page

Steve Freegard steve.freegard at
Wed Jul 1 16:05:05 IST 2009

Alex Neuman wrote:
> On Wed, Jul 1, 2009 at 8:45 AM, Jason Ede <J.Ede at
> <mailto:J.Ede at>> wrote:
>     What happens if you get a mass mailer worm on your network or a
>     compromised computer that starts churning out spam? Far more red
>     faces that way.
>     Jason
>     --
> Specially if it lands your ip or netblock on several RBL's and people
> start rejecting your e-mail.

Or worse; local blacklists or delaylists at the likes of Hotmail, Yahoo
or AOL etc.

At least with a public listing you can easily find out about it and take
action to get delisted; with local blacklists or delaylists you'll have
to learn about this issue from your users or built-up queues and then
take up the issue with each postmaster.

Personally; I'm not keen on using MailScanner for outbound scanning as
quarantining outbound mail is a real pain to manage and you certainly
don't want to have any 'delete' actions etc. so doing everything at the
SMTP phase (e.g. with a milter or proxy) is much better and easier to
manage (in the event of an FP the sender gets a DSN immediately and can
modify their message).  SA also needs to be treated differently for
outbound; I prefer using the same bayes database as inbound, but
boosting considerably the scores of IXHASH, DCC_CHECK, URIBL_* and
SOUGHT to prevent compromised machines/accounts from sending any junk out.


More information about the MailScanner mailing list