ego...@ramattack.net wrote:
Hi
The trust in my own users led me to his post. The users are ignorant
(not all, but..). No one care about how send , what send, where send ,
thei just wnat to send more and more .
I don't trust anyone and my server too.
I know that the outbound filtering is different. My intention is to
scan all messages originating from my network and base on spam scoring
to take the proper action. For the beginning let say "if spam score is >
10" HOLD. This will give time to investigate the body of that email and
decide what to do (pass or reject).
When I said trust I didn't want to mean that you should think you're users
wont send spam. I meant, you shouldn't be relaxed because they're not
going to send spam... this is not what I tried to say. Basically with the
trust sentence I meant that you have an agree with them and that if they
become spammers knowing what they doing they can run into serious
problems... so it's not the same situation as incoming mail relay that
anyone will send you mail and have nothing signed with them; just that, no
that you should have a blind trust with them. Apart of this... outgoing
mail is supposed to be mail generated by the need of you're customer to
send a mail to another person... it's not the same as being receiving mail
from everyone with any intention like in incoming relay.
I think that while in mail scanning machines you should see content, in
outgoing mail scanning you should only check content if you doubt from
someone and how do you doubt on someone? seeing strange activity on them
or seeing you're servers reputation poored or seeing lots of delays of
some mails in you're queue or looking the bounces you're machine is
sending. I only would use content spam checkers such as spamassassin (that
would be my option in case I needed) if I suspect from someone. And too as
people have commented here on you're outgoing mail machines... is nice too
to set ssl forced and the usage of submission port (normally bots not talk
ssl and normally try to connect to port 25). Apart of this I think human
intervention (from part of you're users) would be nice too for ensuring
they have not malware in they're desktops sending mails to addresses in
they're addressbook. Something like... reject message with a url for
you're users saying hit here (and the reason of this reject) if you want
to continue sending mail because I have seen something suspect on you're
activity; then if you're users don't take care of this notifications and
just hit on the button located at that url for continuing sending mail...
then the second attempt to hit from part of them won't be valid because
they should talk to you for you to check what they're doing.
I think this should be the correct behaviour and as said yesterday I will
implement something for this kind of checks on outgoing mail scanning
machines.
Of course this is my opinion and what experience sais to me :).
Bye!!!!!!!!
Hi
Let me give you an example. Let say that on 3 am one mailbox is hacked
and is use to send mails with no link no click buttons just lottery
scam content and a reply address. You have enforce limits on your
server and you don't allow to send more then n messages per hour so
that guy successfully send that n emails. One or more destinations
addresses is a spam trap.
Next day in the morning all you can see is that your ip(s) are listed
in a bunch of rbl and queues are full with messages.
What I understand from you is how to deal with this situations but what
I intend to do is to prevent this situations.
Thank you
|
