Am 19.03.2015 um 19:48 schrieb Bill Cole:
On 18 Mar 2015, at 17:24, Axb wrote:Why is "Internal" or local mail sent thru SA?If the MTA handles outbound mail from Windows users, passing their mail through SA is prudent. There are spamming trojans that figure out how to use the victim's legitimate submission config including credentials, evading the difficulties of trying to send directly and sending slowly enough to avoid rate-limiting measures. The Swen worm was doing this a decade ago, so it is hardly a new thing
in fact you even need a *dedicated* SA instance on your submission servers with RBL's and a ton of rules disabled and different scoring
the other option is passive reaction to abuse mails each time one of your customers account got hacked and abused for sned spam
expierience of the last year proves that you even stop successful dicitionary attacks after "guess" the valid credentials, ot recognize the the reject came from SA and continue trying passwords
there is nothing like "internal" in context of security
signature.asc
Description: OpenPGP digital signature
