Am 12.07.2024 um 12:36:10 Uhr schrieb Mark E. Jeftovic: > On 2024-07-12 2:21 PM, Marco Moock wrote: > > Am 12.07.2024 um 10:57:15 Uhr schrieb Mark E Jeftovic via mailop: > > > > Implement a policy that if big amounts of spam are going out you can > > immediately block outgoing port 25. > Is there anything commonly used for monitoring the level of outbound > SMTP? Or are vendors forcing all outbound through an egress server to > scan everything, or homerolling wireshark, tcpdump, web flo scripts. > > You'd need to be able to break down which unit is generating the spam.
I think abuse reports will be fine for that. You can use outgoing logging only for the port 25 (e.g. Cisco ACL permit <src-IP> any eq 25 log permit any any ) should provide you the logging. Then compare that with the abuse reports. I don't know an automatic mechanism, but implementing one should be possible. -- Gruß Marco Send unsolicited bulk mail to 1720780570mu...@cartoonies.org _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
