Egoitz Aurrekoetxea Aurre wrote:
Hi,
I think outgoing scans are a little different. You have some
advantages and disadvantages with respect to incoming mail scanning.
Advantages are that you know your users and more or less what they
do... or you have it controlled with some scripts. So you can
identify more easily when a user is not behaving as always... assuming
that perhaps someone has stolen his password or he has some worm on
his office network. You should be more trusting with your users
because you have also accepted to give them service and because they
have signed a contract with them and because it's easier to stop the
problem if someone behaves like they shouldn't. So... I advise you to check
their behaviour and then, if you suspect someone, you should then
pass their mails through a mail scanning machine and perhaps even check
more concisely what they are doing... but IMHO you shouldn't
scan all his mail. You should also check your mail queues and check
how your reputation is in RBLs as a mail machine too...
I'm working on a utility to be used as an outgoing mail controller
(better said than scanner) based on what I told you. It will be ready
in 3 or 4 more months :) :).
Hope I have instructed you a little on how to interact with outgoing
mail.
Bye mate!
On 05/11/2009, at 11:26, ram wrote:
On Thu, 2009-11-05 at 11:47 +0200, Alex wrote:
Hello
This is my first post on this list. I have an atypical configuration
like:
- an MX server for inbound mails; this server is configured with virtual
domains, graylisting, antivirus and antispam for all incoming mails; it
is also used by my users as a pop/imap/smtp server.
- all emails originating from my users (authenticated users) are relayed
to other servers. On these outgoing servers I have 3 to 8 postfix
instances on different IPs. Each instance has a dedicated transport
for servers like yahoo, hotmail etc.
Basically, if one of my users wants to send an email outside, it must
authenticate to the smtp server. The smtp server relays that message to
one gateway server (round-robin fashion) and the gateway server sends the
message to the destination.
What I am trying to do is scan all outbound emails (I have had a few
situations in which a mail account was owned by spammers and used to send
spam). The scanner must be on the gateway servers, not on the smtp server,
because it can't take any more load.
About scanning software: on the incoming server I use spamassassin
invoked from maildrop. On the gateway server I am trying to use something
lighter and I read about dspam.
I have a few questions for you:
- how can I use dspam or any other scanning software on my gateway
servers (multiple instance configuration)?
- is dspam a good choice?
Alex
Thank you
Outbound scanning is slightly different from inbound, but in general you
need not scan and catch all the spam messages. Just one caught and you
immediately know which account is spewing spam.
Dspam is not very effective... Of course that's my opinion, YMMV.
If you find spamassassin too heavy maybe you can trim it yourself.
Remove all unnecessary cf files, especially the network DNS checks, since
they are all irrelevant for outbound. You could even consider some
lightweight commercial plugin and remove all other rules.
But other than scanning, implement the basic hygiene. Allow only strong
passwords, if possible block port 25 and use 587, educate the users
about phishing etc. Also register for feedback loops and watch out for
abuse complaints. All that is absolutely essential today for an outbound
mail relay.
Hi
The trust in my own users led me to this post. The users are ignorant
(not all, but...). No one cares about how they send, what they send, where
they send, they just want to send more and more.
I don't trust anyone and my server too.
I know that outbound filtering is different. My intention is to
scan all messages originating from my network and, based on spam scoring,
to take the proper action. To begin with, let's say "if spam score is >
10" HOLD. This will give time to investigate the body of that email and
decide what to do (pass or reject).