Le mardi 16 février 2010 à 23:54 +0000, Martin Gregorie a écrit : > On Tue, 2010-02-16 at 11:38 -1000, Alexandre Chapellon wrote: > > Le mardi 16 février 2010 à 20:29 +0000, Martin Gregorie a écrit : > > > On Tue, 2010-02-16 at 08:44 -1000, Alexandre Chapellon wrote: > > > > Hello the list, > > > > > > > > I have a quite buggy customer network, full of zombie PCs that spends > > > > all days sending spam and wasting the whole "reputation" of my > > > > networks. > > > > > > > 1) Are you already using separate inbound and outbound mail servers? > > > > > yes of course > > > OK, so nothing is stopping you from running separate inbound and > outbound SA rule sets. If you include spamc in your SMTP-time processing > you can easily reject spam with 5xx responses. Granted a spam-bot will > consume any directed at it, but if a FP reject is returned to the user's > MUA he should see it. > > Look at grey-listing as well. It should be useful if it can distinguish > between the user's MUA (or private MTA) and a bot. Better yet, as others > have suggested, swap over to using SMTP authentication and TLS. Once > you've blocked direct outward SMTP, using authenticated SMTP will also > stop the bots in their tracks.
thanks > > I can't block users from sendin directly.... I am an ISP my users are > > free to use another relay than mine... eg google or yahoo or some > > mails relay of their own hosted i don't know where. > > > Why on earth not? You control T&C for your ISP and can change them. If > necessary you can keep existing charges for authenticated connections > and raise them for those who don't convert. > My english is not good enough to understand this sorry :p > > > - silently discard the spam and tell him you've done so on a daily basis > > I don't want to do something like this. > > > Where's the problem? You'll need to write some code to interpret SA's > spam markers anyway, so it can easily add a log message to maillog. Then > its trivial to extend logwatch to scan the maillog and generate messages > to spamiferous users. Believe me I can't. If I reject mail, user have to be informed when I do it and not even 12 hours after. I have governemental customer, and they are really... demanding. > > > Martin > >
