On Tue, 2010-02-16 at 11:38 -1000, Alexandre Chapellon wrote:
> On Tuesday 16 February 2010 at 20:29 +0000, Martin Gregorie wrote:
> > On Tue, 2010-02-16 at 08:44 -1000, Alexandre Chapellon wrote:
> > > Hello the list,
> > >
> > > I have a quite buggy customer network, full of zombie PCs that spend
> > > all days sending spam and wasting the whole "reputation" of my
> > > networks.
> > >
> > 1) Are you already using separate inbound and outbound mail servers?
> >
> yes of course
>
OK, so nothing is stopping you from running separate inbound and outbound SA rule sets. If you include spamc in your SMTP-time processing you can easily reject spam with 5xx responses. Granted a spam-bot will consume any directed at it, but if a FP reject is returned to the user's MUA he should see it.

Look at grey-listing as well. It should be useful if it can distinguish between the user's MUA (or private MTA) and a bot. Better yet, as others have suggested, swap over to using SMTP authentication and TLS. Once you've blocked direct outward SMTP, using authenticated SMTP will also stop the bots in their tracks.

> I can't block users from sending directly.... I am an ISP my users are
> free to use another relay than mine... eg google or yahoo or some
> mails relay of their own hosted I don't know where.
>
Why on earth not? You control T&C for your ISP and can change them. If necessary you can keep existing charges for authenticated connections and raise them for those who don't convert.

> > - silently discard the spam and tell him you've done so on a daily basis
> I don't want to do something like this.
>
Where's the problem? You'll need to write some code to interpret SA's spam markers anyway, so it can easily add a log message to maillog. Then it's trivial to extend logwatch to scan the maillog and generate messages to spamiferous users.

Martin
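
The maillog scan suggested in the last reply could look like the following sketch. It is an added example, not part of the original message and not logwatch code. The `outfilter` tag and the `spam-reject client=... from=<...> score=... required=...` line format are hypothetical, standing in for whatever the SMTP-time glue code writes, and the sample log is constructed.

```python
import re
from collections import defaultdict

# Hypothetical log line written by the SMTP-time glue code (an assumption,
# not a SpamAssassin or MTA format).
LINE_RE = re.compile(
    r"^(?P<day>\w{3}\s+\d+) \S+ \S+ outfilter\[\d+\]: spam-reject "
    r"client=(?P<client>\S+) from=<(?P<sender>[^>]*)> "
    r"score=(?P<score>-?\d+(?:\.\d+)?) required=(?P<required>-?\d+(?:\.\d+)?)$"
)

# Constructed sample maillog; addresses are documentation ranges.
SAMPLE_MAILLOG = """\
Feb 16 09:01:12 mx-out outfilter[2211]: spam-reject client=192.0.2.15 from=<a@example.net> score=17.4 required=5.0
Feb 16 09:01:40 mx-out postfix/smtpd[2290]: connect from unknown[192.0.2.15]
Feb 16 09:02:03 mx-out outfilter[2211]: spam-reject client=192.0.2.15 from=<b@example.net> score=22.1 required=5.0
Feb 16 10:15:55 mx-out outfilter[2211]: spam-reject client=198.51.100.7 from=<c@example.org> score=5.3 required=5.0
Feb 16 11:30:00 mx-out outfilter[2211]: spam-reject client=192.0.2.15 from=<> score=9.0 required=5.0
"""

def summarize(lines):
    """Tally spam rejects per (day, client IP); unrelated lines are skipped."""
    stats = defaultdict(lambda: {"count": 0, "max_score": 0.0, "senders": set()})
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue
        entry = stats[(m["day"], m["client"])]
        entry["count"] += 1
        entry["max_score"] = max(entry["max_score"], float(m["score"]))
        entry["senders"].add(m["sender"] or "<>")  # null sender kept as <>
    return dict(stats)

def build_notices(stats, min_rejects=2):
    """One daily notice per client with at least min_rejects rejects."""
    notices = []
    for (day, client), e in sorted(stats.items()):
        if e["count"] >= min_rejects:
            notices.append(
                f"{day}: {e['count']} outbound messages from {client} were "
                f"rejected as spam (highest score {e['max_score']:.1f}, "
                f"{len(e['senders'])} envelope sender(s)).")
    return notices

if __name__ == "__main__":
    for notice in build_notices(summarize(SAMPLE_MAILLOG.splitlines())):
        print(notice)
```

Mapping a client IP to the customer account to notify depends on the ISP's own address assignment records and is left out here.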