Thank you all for your suggestions. I will follow the path of using a whitelist and block everyone. I can track the IPs, but i taught i could put in place something (like OVH by example) do (If their system detects spam being sent, the port on that ip is automatically blocked and the client alerted).
Cheers Bruno Carvalho (CEO xervers) | +41 79 884 00 44 Please consider the environment before printing this email -----Mensagem original----- De: Benny Pedersen <m...@junc.eu> Enviada: sexta-feira, 22 de março de 2019 20:55 Para: users@spamassassin.apache.org Assunto: Re: Filtering at border routers: Is it possible? Anthony Hoppe skrev den 2019-03-22 18:23: > Not knowing the details of your environment... > > Instead of taking on the job of filtering email for all of your > clients (this, to me, will open up a can of worms), why not set a > policy that port 25 is blocked by default and customers must request > for it to be unblocked? dont relay mail from port 25, mails there is final recipient only, not forwared > You can then build a list of who may be using your services to send > mail and better track if/when undesirable mail is sent from your > network? ask custommers to use port 587 or 465 as common pratice but do require sasl auth on this ports, reject all else sadly i see mtas try to use 587, and 465, i like to know with book thay read
