> Hi
>
> The trust in my own users led me to his post. The users are ignorant
> (not all, but..). No one cares about how to send, what to send, where to
> send, they just want to send more and more.
> I don't trust anyone and my server too.
> I know that the outbound filtering is different. My intention is to
> scan all messages originating from my network and based on spam scoring
> to take the proper action. For the beginning let's say "if spam score is
> > 10" HOLD. This will give time to investigate the body of that email and
> decide what to do (pass or reject).
>
When I said trust, I didn't mean that you should think your users won't send spam. I meant, you shouldn't be relaxed because they're not going to send spam... this is not what I tried to say. Basically, with the trust sentence I meant that you have an agreement with them and that if they become spammers, knowing what they are doing, they can run into serious problems... so it's not the same situation as an incoming mail relay, where anyone will send you mail and have nothing signed with them; just that, not that you should have blind trust in them.

Apart from this... outgoing mail is supposed to be mail generated by your customer's need to send a mail to another person... it's not the same as receiving mail from everyone with any intention, like in an incoming relay. I think that while in mail scanning machines you should see content, in outgoing mail scanning you should only check content if you have doubts about someone. And how do you come to doubt someone? By seeing strange activity from them, or seeing your servers' reputation become poor, or seeing lots of delays for some mails in your queue, or looking at the bounces your machine is sending. I would only use content spam checkers such as spamassassin (that would be my option in case I needed one) if I am suspicious of someone.

Also, as people have commented here, on your outgoing mail machines... it is nice too to force SSL and the use of the submission port (normally bots do not talk SSL and normally try to connect to port 25).

Apart from this, I think human intervention (on the part of your users) would be nice too, for ensuring they do not have malware on their desktops sending mails to addresses in their address book. Something like... reject the message with a URL for your users saying hit here (and the reason for this reject) if you want to continue sending mail, because I have seen something suspect in your activity; then if your users don't take care of these notifications and just hit the button located at that URL to continue sending mail... then the second attempt to hit it on their part won't be valid, because they should talk to you for you to check what they're doing.

I think this should be the correct behaviour and, as said yesterday, I will implement something for this kind of check on outgoing mail scanning machines. Of course this is my opinion and what experience says to me :). Bye!!!!!!!!