>From: @lbutlr <krem...@kreme.com> .Sent: Friday, February 17, 2017 3:41 PM >To: users@spamassassin.apache.org >Subject: Re: Filtering outbound mail >On 2017-02-16 (07:21 MST), David Jones <djo...@ena.com> wrote: >> >>> From: Christian Grunfeld <christian.grunf...@gmail.com> >>> Sent: Thursday, February 16, 2017 7:50 AM >>> To: Spamassassin List >>> Subject: Re: Filtering outbound mail >>> >>> Are you using postfix as MTA? I use cluebringer suite which >>> has a lot of functionality (spf checks, helo checks, greylist >>> and quotas) >> >> I am using Postfix and cluebringer does looks pretty slick >> so I will check into that. >> >>> Quotas are fully configurable by tracking inbound and >>> outbound trafic by ip, sasl user, etc >> >> These outbound senders are my own internal customers >> smarthosting through my mail relays so I can't do things >> like rate limiting, greylisting, SPF checks, HELO checks, >> etc. on them like I do for Internet inbound mail.
>Oh yes you can, and yes you should. At the very least a >sane rate-limit will catch instances where customers get >compromised. Not all compromised accounts these days blast out at a high rate like we used to see years ago. I have had a few sneaky ones recently trickle spam through to stay below the radar so rate-limiting is not the answer with outbound mail I was able to build a SQL query to catch the slow sending compromised accounts. So far it looks reliable with a sane threshold. Just waiting for another compromised account to see it trigger a block. Dave
