2009/11/7 mouss <mo...@ml.netoyen.net>: > Alex a écrit : >> Hello >> >> This is my first post on this list. I have a atypical configuration like : >> - an MX server for inbound mails; this server is configured virtual >> domains, graylisting , antivirus and antispam for all incoming mails; it >> is also use for my users as a pop/imap/smtp server. >> - all emails originating from my users (authenticated users) are relayed >> to another servers. On this outgoing servers I have 3 to 8 postfix >> instances on different ips. Each instance have a dedicated transport >> for servers like yahoo , hotmail etc >> Basically is one of my users want to send a email outside it must >> authenticate to the smtp server. The smtp server relay that message to >> one gateway server (round-robin fashion) and the gateway server send the >> message to the destination. >> What I am try to do is scan all outbound emails (I have a few >> situations in witch a mail account was owned by spammers and use to send >> spam). The scanner must be on the gateway servers not on the smtp server >> because he can't take any more load. >> About scanning software on the incoming server I use spamassassin >> invoke from maildrop. On gateway server I try to use something more >> light and I read about dspam . >> I have a few questions for you: >> - how can I use dspam or any other scanning software on my gateway >> servers (multiple instance configuration) ? > > Most statistical anti-spam filters assume an inbound model. you can use > a "global" bayes setup, but then I don't think you'll benefit from > dspam/bogo/... >
Could you turn the outgoing mail around and make it inbound mail as well? eg. Could you make use of 'always_bcc' to copy all outgoing messages to an address on another postfix instance somewhere and then run the spam filtering over the incoming mail on that instance? Tell the spam filter to throw away all the real mail and keep all the spam - which would be nothing if all goes well. Presumably all the host/ip address based filters would be fairly useless in that set up - assuming it is doable in the first place. It wouldnt prevent the spam from going out, but would allow you to detect it easily if/when it happens again. (I suppose you could script something up to automatically add the sender to a blacklist as soon as a message appears) -- Phill
