How do you protect against outgoing spam

How do you protect against outgoing spam - Printable Version

+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Development Area (/forum-1.html)
+--- Forum: General discussion (/forum-11.html)
+--- Thread: How do you protect against outgoing spam (/thread-11348.html)

How do you protect against outgoing spam - nuke3d - 08-09-2010 10:12 PM

Hi

I've recently had a new user on my panel that started sending out spam from his e-mail address he created with ispCP. Since I basically every new user has to be regarded as untrusted on my system I'd need some way to filter messages leaving my own mailserver instead of just checking incoming mail. I guess the best way would be to throttle the delivery and maybe run spamassassin on outgoing messages.

I could just add

Code:

check_policy_service inet:127.0.0.1:12525

to the smtpd_sender_restrictions but that would check my server against dnsbls which I don't want.

How do you handle this? Do you know how gmail/hotmail/etc go about this problem?

Thanks for any input Smile

RE: How do you protect against outgoing spam - kilburn - 08-09-2010 10:17 PM

I just pass clients' outgoing mails through amavisd-new, using their own "identified" class (to skip rbls). I'm not in favor of rate limiting because some users use a single account as mail proxy for their whole domain ('cause they have an exchange server in-house), so they are much more likely to hit any limits...

RE: How do you protect against outgoing spam - joximu - 08-09-2010 10:57 PM

well - since only sasl-authenticated customer may send mails via the mailserver - you can identify them and block them.

/J

RE: How do you protect against outgoing spam - nuke3d - 08-10-2010 02:24 AM

Hm, I don't use amavis, only policyd. I'll have to check how I can do it with that.

Yes, I can block them, but if I don't realize the problem quickly enough my mailserver will get listed in all kinds of blocklists.

RE: How do you protect against outgoing spam - chani - 08-12-2010 12:41 AM

I think there are several ways to do what you want. I guess you don't want to block outgoing mails, you just want to be informed if one of your customers/users is sending spam/viruses. I'd also suggest you to use amavisd together with spamassasin - just configure it in a way that you get a notification on virus/spam alert (look into the amavisd config) if it reaches a specific level -> but don't do filtering. As soon as someone is sending a spam mail you should get a notification about it. If you're only getting one mail it might be a false positive. I guess a real spammer would send a lot more - So if you got 100 mail notifications, you know that something happened. If youre only getting one, you might ignore it Smile

Another option would be to write your own policy-service. On postfix.org you'll find some documentation about it, if needed i'll post the url to the part in their documentation. You might write your own policy-service which is doing just this (checking using spamassasin/clamscan for spam/virus, if it reaches a specific limit send mail notification to you, without even touching the mail at all) this one is a bit tricky, though.

I don't do this at all, i have to trust my customers.

RE: How do you protect against outgoing spam - nuke3d - 08-17-2010 05:02 AM

Thanks for the suggestions. I'm currently using procmail to filter mail. I'm quite happy with the flexibility it gives me but I'll check out amavisd.