Marcel Grandemange wrote:
> What is the best way to filter OUTgoing mail for spam?
> I have postfix with postgrey and quite a few rbl lists and restrictions.
> Unfortunately this only takes care of some spam.
> We have a network where sometimes clients' PCs can get infected and we
> want to avoid sending spam!
> Advice welcome!

First, don't allow any client machines to send mail directly
to the internet. Block outgoing connections to port 25 at
your firewall or router, allowing only official mail servers.
The best way to stop spam being sent from your mail server is
to require your users to authenticate when sending mail (and
maybe only accept from them on the "submission" port) and
require that the MAIL FROM matches the credentials used. This
stops current viruses from successfully sending any mail.
This does take some work to set up, and requires additional
software - either dovecot or cyrus - to handle the authentication.
http://www.postfix.org/SASL_README.html
http://www.postfix.org/postconf.5.html#reject_authenticated_sender_login_mismatch
http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps
Or as a minimum you can require mail leaving your network to
use your own MAIL FROM. This will block spam that forges the
sender, which is most current stuff.

# main.cf
smtpd_sender_restrictions =
    permit_auth_destination
    check_sender_access hash:/etc/postfix/allowed_sender_domains
    reject

Where allowed_sender_domains lists the permitted domain names
with OK. Anything else is rejected.
example.com OK
example.org OK
Or use a policy service that limits the number of messages a
specific client can send. Here's a popular one that works
well and has lots of other features:
http://policyd.sourceforge.net/
And finally, you can run everything through SpamAssassin (and
maybe clamav) using a milter or a content_filter. Here's a
popular, robust content_filter for controlling SA and clamav:
http://www.ijs.si/software/amavisd/
BTW, scanning mail with clam is pretty painless using the
clamav-milter bundled with clamav. I would recommend
considering using clam regardless of what other filtering
methods you use.
http://clamav.net/
And once you have clam running, get the Sanesecurity add-on
signatures, which do a great job of catching those pesky
phishing and scam mails.
http://sanesecurity.co.uk/clamav/usage.htm
--
Noel Jones
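
Added example, not part of the original message and not policyd's code: the per-client sending limit mentioned above, written as the decision logic of a Postfix policy delegation service (the kind queried through `check_policy_service`). The limit, window, class and function names are assumptions, and the sample request is constructed.

```python
import time
from collections import defaultdict, deque

MAX_MSGS = 3        # assumed limit per window (constructed for the example)
WINDOW_SECS = 60    # assumed window length in seconds

def parse_request(text):
    """Parse one Postfix policy delegation request (name=value lines)."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break                        # an empty line terminates the request
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

class RateLimiter:
    def __init__(self, max_msgs=MAX_MSGS, window=WINDOW_SECS):
        self.max_msgs, self.window = max_msgs, window
        self.seen = defaultdict(deque)   # key -> timestamps of counted requests

    def decide(self, attrs, now=None):
        """Return the access(5) action for one request (one per RCPT)."""
        now = time.time() if now is None else now
        if attrs.get("request") != "smtpd_access_policy":
            return "DUNNO"
        # Prefer the authenticated login; fall back to the client IP address.
        key = attrs.get("sasl_username") or attrs.get("client_address", "unknown")
        stamps = self.seen[key]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()             # forget events outside the window
        if len(stamps) >= self.max_msgs:
            return "DEFER_IF_PERMIT Sending rate limit exceeded, try again later"
        stamps.append(now)
        return "DUNNO"                   # no opinion: later restrictions decide

def respond(action):
    """Format the reply Postfix expects: an action line, then an empty line."""
    return "action=%s\n\n" % action

# Constructed sample request, as Postfix would send it at the RCPT stage.
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "client_address=192.0.2.10\nsender=user@example.com\n"
          "sasl_username=\nrecipient=someone@example.net\n\n")

if __name__ == "__main__":
    limiter = RateLimiter()
    for i in range(5):
        print(respond(limiter.decide(parse_request(SAMPLE), now=1000.0 + i)), end="")
```

Because the service is consulted once per recipient, the limit here counts recipients rather than messages, which also caps a single message addressed to many recipients.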