Ronald F. Guilmette put forth on 11/6/2010 5:14 AM:
> Hello again friends. Long time no see.
>
> I've gotten myself into a somewhat heated discussion... which seems to
> be the only kind I get into these days... on another mailing list
> regarding the spam outflow filtering capabilities of one particular
> non-Postfix based e-mail service.
>
> For the sake of comparison, I'd like to be able to describe in some
> detail what sorts of capabilities Postfix may offer along these lines,
> but I am at a serious disadvantage here, because I frankly haven't
> been paying too much attention to developments in the world of Postfix
> for the last few years, and thus, I'm pretty completely ignorant about
> the state of Postfix's current capabilities vis-a-vis outflow filtering.
> So, you know, I am kind of hoping that somebody here might help me out
> and bring me up to speed. What capabilities does Postfix currently
> offer to insure that a given Postfix installation is not itself a source
> of spam?
>
> Now before someone tells me to just go and RTFM, let me say that yes, I'm
> sure that all of the information is there, and all well documented...
> Wietse has historically been real good about making sure that everything
> is documented... but I'm a bit short on time just now, and so I'm hoping
> that some kind soul will be willing to save me a lot of digging, and at
> least give me a capsule summary of any & all current capabilities relating
> to spam outflow control with Postfix.
>
> (I should say also that it isn't even clear that everything I might like
> to know about here is even necessarily a part of Postfix per se. Maybe
> things have changed, but as of a few years ago, at least, there were many
> ``third party'' add-ons for Postfix available that, while not a part of
> the mail server per se, nonetheless added many additional and very useful
> adjunct features & functionality. If there is anything like that that is
> available nowadays that might help to control possible spam outflow mishaps,
> then I'd like to hear about those too.)
>
> That's it. Thanks in advance for any assistance.

Hi Ron,

First off, I'm far from a resident expert so my answers will probably be
less thorough than others, but I thought I'd at least respond to you
quickly so you get a general idea of what's current. Since the bulk of
spam outflow these days is due to phished/stolen credentials,
effectively combating such is difficult at a technical level, and better
achieved with user education. That said, the following can help quite a
bit.

Postfix:

1. Fine-grained relay access control
   - permit_mynetworks, permit_sasl_authenticated, etc.
2. Rate limiting on the submission port such as
     -o smtpd_client_connection_count_limit=1
     -o smtpd_client_connection_rate_limit=5
     -o smtpd_client_message_rate_limit=5
     -o smtpd_client_recipient_rate_limit=20
   Season to taste based on organizational needs. A small office and an
   ISP config may have very different needs WRT the above settings.
3. Content inspection via custom header/body checks
4. Limit numbers of recipients per message
   - default is 1000 which is only sane for mailing lists

Add-on content filtering and policy daemon software performing
header/body checks and policy enforcement:

1. SpamAssassin, etc.
   - Bayes and heuristic analysis of body
   - URI matching against URI blacklists (URIBL, SURBL, DBL, etc.)
   - return email address domain matching against domain blocklists
2. Policyd
   - per user rate limiting
   - per user send quota

As I said this is just a rough summary. Hope it gives you a good start.
--
Stan
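
The per-user send quota idea from the reply above, sketched as the decision logic a Postfix policy delegation service would run for each request. This is an added example, not code from the thread, from Postfix or from Policyd; the class name, the quota values and the sample request are constructed for illustration.

```python
import time
from collections import defaultdict, deque

def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:            # empty line terminates the request
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

class SendQuota:
    """Sliding-window recipient quota keyed on the authenticated login."""
    def __init__(self, limit=100, window=3600):   # assumed values, season to taste
        self.limit, self.window = limit, window
        self.accepted = defaultdict(deque)        # sasl_username -> timestamps

    def decide(self, attrs, now=None):
        now = time.time() if now is None else now
        user = attrs.get("sasl_username", "")
        # Count only authenticated submissions, once per RCPT TO.
        if attrs.get("protocol_state") != "RCPT" or not user:
            return "action=DUNNO\n\n"
        stamps = self.accepted[user]
        while stamps and stamps[0] <= now - self.window:
            stamps.popleft()                      # forget recipients outside the window
        if len(stamps) >= self.limit:
            return "action=DEFER_IF_PERMIT Sending quota exceeded, try again later\n\n"
        stamps.append(now)
        return "action=DUNNO\n\n"

# Constructed sample request (not captured traffic).
SAMPLE = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "sasl_username=alice\n"
    "recipient=bob@example.org\n"
    "client_address=192.0.2.10\n"
    "\n"
)

if __name__ == "__main__":
    quota = SendQuota(limit=2, window=60)
    for t in (0, 1, 2, 61):
        print(t, quota.decide(parse_request(SAMPLE), now=t).strip())
```

Because the counter is keyed on sasl_username rather than client address, a phished account is throttled even when the abuser rotates source IPs; Postfix would consult such a service through check_policy_service in the submission service's recipient restrictions.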