> What is the best way to filter OUTgoing mail for spam?
>
> I have postfix with postgrey and quite a few rbl lists and restrictions.
>
> Unfortunately this only takes care of some spam.
>
> We have a network where sometimes clients' PCs can get infected and we
> want to avoid sending spam!
>
> Advice welcome!

>First, don't allow any client machines to send mail directly
>to the internet. Block outgoing connections to port 25 at
>your firewall or router, allowing only official mail servers.

This we cannot do as we are a small WISP and many clients need to connect directly to their own mail servers. What we have done is force all outgoing mail through our server for relaying, for control and logging at least.

>The best way to stop spam being sent from your mail server is
>to require your users to authenticate when sending mail (and
>maybe only accept from them on the "submission" port) and
>require that the MAIL FROM matches the credentials used. This
>stops current viruses from successfully sending any mail.
>This does take some work to set up, and requires additional
>software - either dovecot or cyrus - to handle the authentication.
>http://www.postfix.org/SASL_README.html
>http://www.postfix.org/postconf.5.html#reject_authenticated_sender_login_mismatch
>http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps

Although it's a bit outdated we use pop-before-smtp, but here again we need to "trust" internal users to allow them to relay, to be able to use their own servers without needing even a valid e-mail account from us.

>Or as a minimum you can require mail leaving your network to
>use your own MAIL FROM. This will block spam that forges the
>sender, which is most current stuff.
># main.cf
>smtpd_sender_restrictions =
>    permit_auth_destination
>    check_sender_access hash:/etc/postfix/allowed_sender_domains
>    reject

Here again we would actually hamper users from using their external mail accounts.

>Where allowed_sender_domains lists the permitted domain names
>with OK. Anything else is rejected.
>example.com OK
>example.org OK
>Or use a policy service that limits the number of messages a
>specific client can send. Here's a popular one that works
>well and has lots of other features:
>http://policyd.sourceforge.net/

That's what I thought postgrey did?

>And finally, you can run everything through SpamAssassin (and
>maybe clamav) using a milter or a content_filter. Here's a
>popular, robust content_filter for controlling SA and clamav:
>http://www.ijs.si/software/amavisd/

I forgot to mention, but I do use clamav with clamsmtp; however, I haven't got SpamAssassin running as, as far as I knew, it only "marks" possible spams and this won't help with outgoing mail... Input?

>BTW, scanning mail with clam is pretty painless using the
>clamav-milter bundled with clamav. I would recommend
>considering using clam regardless of what other filtering
>methods you use.
>http://clamav.net/
>And once you have clam running, get the Sanesecurity add-on
>signatures, which do a great job of catching those pesky
>phishing and scam mails.
>http://sanesecurity.co.uk/clamav/usage.htm

Like I said, using clamav already, although going to do some reading on Sanesecurity! Thank You!

--
Noel Jones
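
Added example, not part of the original message and not code from policyd or Postfix: the decision logic of a policy service that limits how many recipients one client may address in a time window, speaking the Postfix policy-delegation format (name=value request, `action=` reply). The limits, the sample request and all function and class names are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

# Constructed sample request in Postfix policy-delegation format:
# name=value lines terminated by an empty line (addresses are made up).
SAMPLE = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=192.0.2.10\n"
    "sender=user@example.com\n"
    "recipient=someone@example.org\n"
    "\n"
)

def parse_request(text):
    """Return the attributes of one policy request as a dict."""
    attrs = {}
    for line in text.splitlines():
        if not line:          # empty line ends the request
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

class RateLimiter:
    """Sliding-window count of RCPT requests per client (hypothetical limits)."""
    def __init__(self, limit=100, window=3600):
        self.limit, self.window = limit, window
        self.seen = defaultdict(deque)   # client key -> timestamps

    def decide(self, attrs, now=None):
        now = time.time() if now is None else now
        if attrs.get("request") != "smtpd_access_policy":
            return "DUNNO"
        # Prefer the authenticated login; fall back to the client IP.
        key = attrs.get("sasl_username") or attrs.get("client_address", "unknown")
        stamps = self.seen[key]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()             # forget events outside the window
        if len(stamps) >= self.limit:
            return "DEFER_IF_PERMIT Sending limit reached, try again later"
        stamps.append(now)
        return "DUNNO"                   # no opinion; later restrictions decide

def respond(limiter, request_text, now=None):
    """Build the reply Postfix expects: action=... followed by an empty line."""
    return "action=%s\n\n" % limiter.decide(parse_request(request_text), now)

if __name__ == "__main__":
    limiter = RateLimiter(limit=2, window=60)
    for t in (0, 1, 2, 61):
        print(t, respond(limiter, SAMPLE, now=t).strip())
```

Postfix would consult such a service through `check_policy_service` in `smtpd_recipient_restrictions`, so each RCPT TO counts once against the sending client.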