On 3/22/2019 9:44 PM, Noel Butler wrote:
>
> On 23/03/2019 05:54, Benny Pedersen wrote:
>
>>
>> don't relay mail from port 25, mail there is for the final recipient
>> only, not forwarded
>>  
>  
>
> you have not been taking your medication again Benny
>
Noel, please.  The personal attacks aren't in keeping with our code of
conduct.  Please don't email them to the list.

IMO and I believe the RFCs back me up, Port 25 should only be used for
local recipients.  Port 587, submissions would be appropriate for
submissions requiring other delivery methods and should be protected
with SMTP AUTH, for example.  That would certainly be best practice,
well supported and easy to add TLS to address.

Getting back to the original question: Yes, you can scan outbound mail
for spam and block it.  There are a number of ways to do that.  We also
do a LOT with MIMEDefang, LDAP & IPTables, & Access files to extend the
edge of the network to the board to avoid backscatter, DDoS attacks,
etc.  I've published a lot of stuff about this before and happy to give
pointers again. 

But in short, set up an SMTP host that allows relay by IP from all your
servers behind it and set those servers to use the SMTP host as a
smarthost.  On the smarthost, you can use amavisd-new and drop/redir
mail that is considered spam.  More complex solutions are available with
alerting, rate limiting, etc.

Regards,

KAM


-- 
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171
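
The smarthost layout described in the message above, as an added configuration sketch that is not part of the original email. It assumes Postfix as the MTA on both the smarthost and the internal servers (the message names no MTA for this role); the hostname, the 192.0.2.0/28 range and the spam threshold are constructed sample values.

```conf
# ---- Internal servers: /etc/postfix/main.cf ----
# Hand all outbound mail to the smarthost instead of delivering directly.
# smarthost.example.internal is a constructed name.
relayhost = [smarthost.example.internal]:25

# ---- Smarthost: /etc/postfix/main.cf ----
# Relay by IP: only loopback and the internal server range may relay.
# 192.0.2.0/28 is a documentation range used as a placeholder.
mynetworks = 127.0.0.0/8 192.0.2.0/28
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
# Pass every accepted message to amavisd-new before it leaves.
content_filter = smtp-amavis:[127.0.0.1]:10024

# ---- Smarthost: /etc/postfix/master.cf ----
# Transport that delivers mail to amavisd-new on port 10024.
smtp-amavis unix -      -       n       -       2       smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes

# Re-injection listener: amavisd-new returns scanned mail here.
# The filter is cleared on this listener so mail is not scanned in a loop,
# and only loopback may connect.
127.0.0.1:10025 inet n  -       n       -       -       smtpd
    -o content_filter=
    -o mynetworks=127.0.0.0/8
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

# ---- Smarthost: amavisd.conf (Perl syntax) ----
# Drop outbound mail scored as spam instead of bouncing it, which would
# create backscatter. The threshold is a sample value.
$sa_kill_level_deflt = 6.31;
$final_spam_destiny  = D_DISCARD;
# Keep a copy of dropped mail for review (the "redir" option).
# The address is a constructed placeholder.
$spam_quarantine_to  = 'spam-quarantine@example.internal';
```

After reloading Postfix, `postconf -n` on the smarthost shows the effective `mynetworks` and `content_filter` values, which is a quick check that relay is limited to the intended range.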
