spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jones <djo...@ena.com>
Subject Re: Filtering outbound mail
Date Fri, 17 Feb 2017 21:51:39 GMT
>From: @lbutlr <kremels@kreme.com>
.Sent: Friday, February 17, 2017 3:41 PM
>To: users@spamassassin.apache.org
>Subject: Re: Filtering outbound mail
    
>On 2017-02-16 (07:21 MST), David Jones <djones@ena.com> wrote:
>> 
>>> From: Christian Grunfeld <christian.grunfeld@gmail.com>
>>> Sent: Thursday, February 16, 2017 7:50 AM
>>> To: Spamassassin List
>>> Subject: Re: Filtering outbound mail
>>> 
>>> Are you using postfix as MTA? I use cluebringer suite which
>>> has a lot of functionality (spf checks, helo checks, greylist
>>> and quotas)
>> 
>> I am using Postfix and cluebringer does looks pretty slick
>> so I will check into that.
>> 
>>> Quotas are fully configurable by tracking inbound and
>>> outbound trafic by ip, sasl user, etc
>> 
>> These outbound senders are my own internal customers
>> smarthosting through my mail relays so I can't do things
>> like rate limiting, greylisting, SPF checks, HELO checks,
>> etc. on them like I do for Internet inbound mail.

>Oh yes you can, and yes you should. At the very least a
>sane rate-limit will catch instances where customers get
>compromised.

Not all compromised accounts these days blast out at a
high rate like we used to see years ago.  I have had a few
sneaky ones recently trickle spam through to stay below
the radar so rate-limiting is not the answer with outbound
mail

I was able to build a SQL query to catch the slow sending
compromised accounts.  So far it looks reliable with a
sane threshold.  Just waiting for another compromised
account to see it trigger a block.

Dave
Mime
View raw message