spamassassin-users mailing list archives

From David Jones <>
Subject Re: Filtering outbound mail
Date Fri, 17 Feb 2017 21:51:39 GMT
>From: @lbutlr <>
>Sent: Friday, February 17, 2017 3:41 PM
>Subject: Re: Filtering outbound mail
>On 2017-02-16 (07:21 MST), David Jones <> wrote:
>>> From: Christian Grunfeld <>
>>> Sent: Thursday, February 16, 2017 7:50 AM
>>> To: Spamassassin List
>>> Subject: Re: Filtering outbound mail
>>> Are you using postfix as MTA? I use cluebringer suite which
>>> has a lot of functionality (spf checks, helo checks, greylist
>>> and quotas)
>> I am using Postfix and cluebringer does look pretty slick
>> so I will check into that.
>>> Quotas are fully configurable by tracking inbound and
>>> outbound traffic by ip, sasl user, etc
>> These outbound senders are my own internal customers
>> smarthosting through my mail relays so I can't do things
>> like rate limiting, greylisting, SPF checks, HELO checks,
>> etc. on them like I do for Internet inbound mail.

>Oh yes you can, and yes you should. At the very least a
>sane rate-limit will catch instances where customers get

Not all compromised accounts these days blast out at a
high rate like we used to see years ago.  I have had a few
sneaky ones recently trickle spam through to stay below
the radar so rate-limiting is not the answer with outbound

I was able to build a SQL query to catch the slow sending
compromised accounts.  So far it looks reliable with a
sane threshold.  Just waiting for another compromised
account to see it trigger a block.
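
Added example, not part of the original message and not the query the poster describes: one way a long-window SQL check can flag an account that trickles spam while staying under a per-hour rate limit. The `outbound` table, its columns, the use of the SpamAssassin score as the signal, and every threshold are assumptions, and the log rows are constructed sample data.

```python
import sqlite3

NOW = 472223 * 3600        # constructed "current time", aligned to an hour
WINDOW = 24 * 3600         # assumed look-back window (seconds)
SPAM_SCORE = 5.0           # assumed SpamAssassin score counted as spammy
MIN_SPAMMY = 10            # assumed alert threshold per account per window
RATE_LIMIT_PER_HOUR = 100  # assumed per-account limit a trickle stays under

QUERY = """
WITH recent AS (
  SELECT sasl_user, sent_at, score FROM outbound
  WHERE sent_at > :now - :window AND sent_at <= :now),
hourly AS (
  SELECT sasl_user, sent_at / 3600 AS hr, COUNT(*) AS n
  FROM recent GROUP BY sasl_user, hr)
SELECT r.sasl_user, COUNT(*) AS total,
       SUM(r.score >= :spam) AS spammy,
       (SELECT MAX(n) FROM hourly h WHERE h.sasl_user = r.sasl_user) AS peak_hour
FROM recent r GROUP BY r.sasl_user
HAVING SUM(r.score >= :spam) >= :min_spammy
ORDER BY spammy DESC
"""

def sample_db():
    """Constructed outbound log: hypothetical table, one row per message."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE outbound (sasl_user TEXT, sent_at INTEGER, score REAL)")
    rows = []
    for h in range(24):   # bob: 2 spammy messages every hour, all day
        rows += [("bob", NOW - h * 3600 - 60, 7.1), ("bob", NOW - h * 3600 - 1860, 6.8)]
    for i in range(40):   # alice: normal user, occasional false positive
        rows.append(("alice", NOW - i * 2000 - 10, 5.5 if i % 20 == 0 else 0.3))
    for i in range(60):   # carol: clean newsletter burst inside one hour
        rows.append(("carol", NOW - 7200 - i * 30 - 1, 1.2))
    conn.executemany("INSERT INTO outbound VALUES (?, ?, ?)", rows)
    return conn

def find_slow_senders(conn, now=NOW):
    """Accounts whose spammy-message count over the window crosses the threshold."""
    params = {"now": now, "window": WINDOW, "spam": SPAM_SCORE, "min_spammy": MIN_SPAMMY}
    return conn.execute(QUERY, params).fetchall()

if __name__ == "__main__":
    for user, total, spammy, peak in find_slow_senders(sample_db()):
        print(f"{user}: {spammy}/{total} spammy in 24h, peak {peak}/hour "
              f"(rate limit {RATE_LIMIT_PER_HOUR}/hour never hit)")
```

In the sample data the burst sender peaks at 60 messages in one hour and the trickling account at 2, yet only the trickling account crosses the 24-hour threshold.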
