limiting damage done by a compromised account
johnnyb at marlboro.edu
Mon Jan 24 19:38:42 GMT 2011
I have also been struggling with this over the last year and have
several pieces cobbled together. A key piece for me is that we use
policyd greylisting and it has rate limiting as well. I believe that you
can use rate limiting without greylisting. If you use SASL
authentication for all mail you should be able to solve the problem with
this. But if you don't or can't use SASL there are a few holes in it
because you have to use envelope sender or ip instead and that can be
fairly easily circumvented.
MailScanner can help a lot with catching phishing attempts before they
get to students as well. Scamnailer http://www.scamnailer.info/ tags
almost all of them to begin with. I use MailScanners spam action rules
with "attachment" to trigger a warning whenever something looks
particularly suspiciously like a phishing attempt but isn't getting
marked as spam. To trigger it I use ScamNailer, custom rules based on
the attempts we have had, and a few RBL's.
If you can let me know what you come up with. I'm still trying to
perfect my system and am looking for more ideas.
Sean M. Schipper wrote:
> I use Mailscanner ( v4.79 on RH Linux with spamassassin & Clam) in front of Exchange 2010. Occasionally at our university we'll have a student email in their login credentials in response to phishing email that got thru. We don't scan outgoing messages since I don't want to block outgoing emails except for this situation. I'm looking for advice on what to do to protect us from being a source of spam. We currently have a poor reputation on from senderbase which I've been unable to correct - any ideas on anything I can do to speed up this process would be welcome as well.
Network Systems Administrator
Phone: 451-7551 Cell: 451-6748
More information about the MailScanner