Prev: Need help to configure postfix to send only emails.
Next: how to increase throughput of postfix to local user?
From: Alex on 5 Nov 2009 04:47

Hello

This is my first post on this list. I have an atypical configuration like:
- an MX server for inbound mails; this server is configured with virtual domains, graylisting, antivirus and antispam for all incoming mails; it is also used by my users as a pop/imap/smtp server.
- all emails originating from my users (authenticated users) are relayed to other servers. On these outgoing servers I have 3 to 8 postfix instances on different IPs. Each instance has a dedicated transport for servers like yahoo, hotmail etc.

Basically, if one of my users wants to send an email outside, they must authenticate to the smtp server. The smtp server relays that message to one gateway server (round-robin fashion) and the gateway server sends the message to the destination.

What I am trying to do is scan all outbound emails (I have a few situations in which a mail account was owned by spammers and used to send spam). The scanner must be on the gateway servers, not on the smtp server, because it can't take any more load.

About scanning software: on the incoming server I use spamassassin invoked from maildrop. On the gateway server I am trying to use something lighter and I read about dspam.

I have a few questions for you:
- how can I use dspam or any other scanning software on my gateway servers (multiple instance configuration)?
- is dspam a good choice?

Alex
Thank you

From: ram on 5 Nov 2009 05:26

On Thu, 2009-11-05 at 11:47 +0200, Alex wrote:
> Hello
>
> This is my first post on this list. I have an atypical configuration like:
> - an MX server for inbound mails; this server is configured with virtual domains, graylisting, antivirus and antispam for all incoming mails; it is also used by my users as a pop/imap/smtp server.
> - all emails originating from my users (authenticated users) are relayed to other servers. On these outgoing servers I have 3 to 8 postfix instances on different IPs. Each instance has a dedicated transport for servers like yahoo, hotmail etc.
>
> Basically, if one of my users wants to send an email outside, they must authenticate to the smtp server. The smtp server relays that message to one gateway server (round-robin fashion) and the gateway server sends the message to the destination.
>
> What I am trying to do is scan all outbound emails (I have a few situations in which a mail account was owned by spammers and used to send spam). The scanner must be on the gateway servers, not on the smtp server, because it can't take any more load.
>
> About scanning software: on the incoming server I use spamassassin invoked from maildrop. On the gateway server I am trying to use something lighter and I read about dspam.
>
> I have a few questions for you:
> - how can I use dspam or any other scanning software on my gateway servers (multiple instance configuration)?
> - is dspam a good choice?
>
> Alex
> Thank you

Outbound scanning is slightly different from inbound, but in general you need not scan and catch all the spam messages. Just one caught and you immediately know which account is spewing spam.

Dspam is not very effective ... Of course that's my opinion, YMMV.

If you find spamassassin too heavy maybe you can trim it yourself. Remove all unnecessary cf files, especially the network DNS checks, since they are all irrelevant for outbound. You could even consider some lightweight commercial plugin and remove all other rules.

But other than scanning, implement the basic hygiene. Allow only strong passwords, if possible block port 25 and use 587, educate the users about phishing etc. Also register for feedback loops and watch out for abuse complaints. All that is absolutely essential today for an outbound mail relay.

From: Egoitz Aurrekoetxea Aurre on 5 Nov 2009 16:11

Hi,

I think outgoing scans are a little different. You have some advantages and disadvantages with respect to incoming mail scanning. The advantages are that you know your users and more or less what they do.... or you have it controlled with some scripts. So you can more easily identify when a user is not behaving as always.... assuming that perhaps someone has stolen his password or he has some worm on his office network. You should be more trusting with your users because you have accepted to give them service, and because they have signed a contract with them, and because it's easier to stop the problem if someone behaves like they shouldn't. So... I advise you to check their behaviour and then, if you suspect someone, you should pass their mails through a mail scanning machine and perhaps even check more concisely what they are doing.... but IMHO you shouldn't scan all his mail. You should also check your mail queues and check how your reputation is in RBLs as a mail machine too....

I'm working on a utility to be used as an outgoing mail controller (better said than scanner) based on what I told you. It will be ready in 3 or 4 months more :) :).

Hope I have instructed you a little on how to interact with outgoing mail.

Bye mate!

On 05/11/2009, at 11:26, ram wrote:

> On Thu, 2009-11-05 at 11:47 +0200, Alex wrote:
>> Hello
>>
>> This is my first post on this list. I have an atypical configuration like:
>> - an MX server for inbound mails; this server is configured with virtual domains, graylisting, antivirus and antispam for all incoming mails; it is also used by my users as a pop/imap/smtp server.
>> - all emails originating from my users (authenticated users) are relayed to other servers. On these outgoing servers I have 3 to 8 postfix instances on different IPs. Each instance has a dedicated transport for servers like yahoo, hotmail etc.
>>
>> Basically, if one of my users wants to send an email outside, they must authenticate to the smtp server. The smtp server relays that message to one gateway server (round-robin fashion) and the gateway server sends the message to the destination.
>>
>> What I am trying to do is scan all outbound emails (I have a few situations in which a mail account was owned by spammers and used to send spam). The scanner must be on the gateway servers, not on the smtp server, because it can't take any more load.
>>
>> About scanning software: on the incoming server I use spamassassin invoked from maildrop. On the gateway server I am trying to use something lighter and I read about dspam.
>>
>> I have a few questions for you:
>> - how can I use dspam or any other scanning software on my gateway servers (multiple instance configuration)?
>> - is dspam a good choice?
>>
>> Alex
>> Thank you
>
> Outbound scanning is slightly different from inbound, but in general you need not scan and catch all the spam messages. Just one caught and you immediately know which account is spewing spam.
>
> Dspam is not very effective ... Of course that's my opinion, YMMV.
>
> If you find spamassassin too heavy maybe you can trim it yourself. Remove all unnecessary cf files, especially the network DNS checks, since they are all irrelevant for outbound. You could even consider some lightweight commercial plugin and remove all other rules.
>
> But other than scanning, implement the basic hygiene. Allow only strong passwords, if possible block port 25 and use 587, educate the users about phishing etc. Also register for feedback loops and watch out for abuse complaints. All that is absolutely essential today for an outbound mail relay.

From: Alex on 6 Nov 2009 02:48

Egoitz Aurrekoetxea Aurre wrote:
> Hi,
>
> I think outgoing scans are a little different. You have some advantages and disadvantages with respect to incoming mail scanning. The advantages are that you know your users and more or less what they do.... or you have it controlled with some scripts. So you can more easily identify when a user is not behaving as always.... assuming that perhaps someone has stolen his password or he has some worm on his office network. You should be more trusting with your users because you have accepted to give them service, and because they have signed a contract with them, and because it's easier to stop the problem if someone behaves like they shouldn't. So... I advise you to check their behaviour and then, if you suspect someone, you should pass their mails through a mail scanning machine and perhaps even check more concisely what they are doing.... but IMHO you shouldn't scan all his mail. You should also check your mail queues and check how your reputation is in RBLs as a mail machine too....
>
> I'm working on a utility to be used as an outgoing mail controller (better said than scanner) based on what I told you. It will be ready in 3 or 4 months more :) :).
>
> Hope I have instructed you a little on how to interact with outgoing mail.
>
> Bye mate!
>
> On 05/11/2009, at 11:26, ram wrote:
>
>> On Thu, 2009-11-05 at 11:47 +0200, Alex wrote:
>>> Hello
>>>
>>> This is my first post on this list. I have an atypical configuration like:
>>> - an MX server for inbound mails; this server is configured with virtual domains, graylisting, antivirus and antispam for all incoming mails; it is also used by my users as a pop/imap/smtp server.
>>> - all emails originating from my users (authenticated users) are relayed to other servers. On these outgoing servers I have 3 to 8 postfix instances on different IPs. Each instance has a dedicated transport for servers like yahoo, hotmail etc.
>>>
>>> Basically, if one of my users wants to send an email outside, they must authenticate to the smtp server. The smtp server relays that message to one gateway server (round-robin fashion) and the gateway server sends the message to the destination.
>>>
>>> What I am trying to do is scan all outbound emails (I have a few situations in which a mail account was owned by spammers and used to send spam). The scanner must be on the gateway servers, not on the smtp server, because it can't take any more load.
>>>
>>> About scanning software: on the incoming server I use spamassassin invoked from maildrop. On the gateway server I am trying to use something lighter and I read about dspam.
>>>
>>> I have a few questions for you:
>>> - how can I use dspam or any other scanning software on my gateway servers (multiple instance configuration)?
>>> - is dspam a good choice?
>>>
>>> Alex
>>> Thank you
>>
>> Outbound scanning is slightly different from inbound, but in general you need not scan and catch all the spam messages. Just one caught and you immediately know which account is spewing spam.
>>
>> Dspam is not very effective ... Of course that's my opinion, YMMV.
>>
>> If you find spamassassin too heavy maybe you can trim it yourself. Remove all unnecessary cf files, especially the network DNS checks, since they are all irrelevant for outbound. You could even consider some lightweight commercial plugin and remove all other rules.
>>
>> But other than scanning, implement the basic hygiene. Allow only strong passwords, if possible block port 25 and use 587, educate the users about phishing etc. Also register for feedback loops and watch out for abuse complaints. All that is absolutely essential today for an outbound mail relay.

Hi

The trust in my own users led me to this post. The users are ignorant (not all, but..). No one cares about how they send, what they send, where they send; they just want to send more and more.
I don't trust anyone, and my server too.
I know that outbound filtering is different. My intention is to scan all messages originating from my network and, based on spam scoring, to take the proper action. To begin with, let's say: "if spam score is > 10", HOLD. This will give time to investigate the body of that email and decide what to do (pass or reject).
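
Added example, not part of any post in this thread and not code from any participant: the score-based triage described above (hold when the score is above 10), run over constructed messages and reporting which account the held mail came from. It assumes SpamAssassin's `X-Spam-Status` header and that the submission server sets `smtpd_sasl_authenticated_header = yes`, so the account shows up in a `Received` line; the function names and the choice to hold unscanned mail are assumptions.

```python
import re
from collections import Counter
from email import message_from_string

HOLD_THRESHOLD = 10.0  # the post's rule: "if spam score is > 10" HOLD
SCORE_RE = re.compile(r"\bscore=(-?\d+(?:\.\d+)?)")
AUTH_RE = re.compile(r"\(Authenticated sender: ([^)]+)\)")

def spam_score(msg):
    """SpamAssassin score from X-Spam-Status, or None if the mail was not scanned."""
    m = SCORE_RE.search(msg.get("X-Spam-Status", ""))
    return float(m.group(1)) if m else None

def sasl_account(msg):
    """Account named in the first Received header that carries one, else None."""
    for received in msg.get_all("Received", []):
        m = AUTH_RE.search(received)
        if m:
            return m.group(1)
    return None

def triage(raw_messages):
    """Return ([(account, score, action)], Counter of held mails per account)."""
    decisions, held = [], Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        score, account = spam_score(msg), sasl_account(msg)
        # Assumption: unscanned mail is held too (fail closed). Exactly 10 passes.
        action = "HOLD" if score is None or score > HOLD_THRESHOLD else "PASS"
        if action == "HOLD":
            held[account or "unknown"] += 1
        decisions.append((account, score, action))
    return decisions, held

def _msg(account, status):
    """Build a constructed sample message (not real traffic)."""
    return ("Received: from pc.example (unknown [192.0.2.10])\n"
            f"\t(Authenticated sender: {account})\n"
            "\tby smtp.example.org (Postfix) with ESMTPA id 0000000000\n"
            + (f"X-Spam-Status: {status}\n" if status else "")
            + "Subject: test\n\nbody\n")

SAMPLES = [  # constructed: accounts, scores and rule names are made up
    _msg("alice@example.org", "No, score=0.4 required=5.0 tests=NONE"),
    _msg("bob@example.org", "Yes, score=14.2 required=5.0 tests=CONSTRUCTED_RULE"),
    _msg("bob@example.org", "Yes, score=10.0 required=5.0 tests=CONSTRUCTED_RULE"),
    _msg("bob@example.org", "Yes, score=23.7 required=5.0 tests=CONSTRUCTED_RULE"),
    _msg("carol@example.org", None),
]

if __name__ == "__main__":
    decisions, held = triage(SAMPLES)
    print(decisions, held.most_common())
```

In Postfix the hold itself can be applied with a `header_checks` `HOLD` action or `postsuper -h`, and a held message is released with `postsuper -H`.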

From: lst_hoe02 on 6 Nov 2009 03:07

Quoting Alex <me(a)deltaindigo.ro>:

>>
> Hi
>
> The trust in my own users led me to this post. The users are ignorant (not all, but..). No one cares about how they send, what they send, where they send; they just want to send more and more.
> I don't trust anyone, and my server too.
> I know that outbound filtering is different. My intention is to scan all messages originating from my network and, based on spam scoring, to take the proper action. To begin with, let's say: "if spam score is > 10", HOLD. This will give time to investigate the body of that email and decide what to do (pass or reject).
>

Well done! As soon as you don't know personally all your users or can control what they are allowed to do, like in a company network, you should for sure scan the outbound mail for spam to detect spammers using your service before the complaints from others rush in. If the ISPs would do so, most of the spam would disappear. But instead even many of the big mail providers spit out spam day by day and rather spam-filter their abuse account to not get complaints.

Regards

Andreas