Le mardi 16 février 2010 à 12:46 -0800, SM a écrit : > Hi Alexandre, > At 10:44 16-02-10, Alexandre Chapellon wrote: > >I have a quite buggy customer network, full of zombie PCs that > >spends all days sending spam and wasting the whole "reputation" of my > >networks. > > Do they send these messages through your mail server?
Mostly not but thoose who are doing so make my mail servers being blacklisted from time to times. (And I don't really care about dyn IP adresses being on blacklists... for now) > >As a result it sometimes become quite hard to delivers queues for > >specific domains such as Yahoo!'s hosted ones. Indeed they have some > >temp fail (blacklist) mechanism that forbid my servers to send > >messages to them during hours. > >Taht's why I would like to setup some ougoing filtering to avoid > >sending too much spam through my mail relays. I think SA can help me > >in doing so, but I know too it's not really intented to work this > >way. I guess SA expects to work on MX hosts more than on smtp relays. > > You can still run some SpamAssassin tests to catch some of the spam. This is what i am doing... but I'd like to know if someone has done it too and how efficient it is. I don't want to set this up if It won't change my reputation and just cause some false positives. > > >My prerequisites are mainly: > > - STOP as much spam as possible at SMTP time (before queuing) > > As this is outgoing, post-SMTP filtering is not much of an issue. It definetly is when hitting the problem of false positive... I can't let a user thinking we sent his mail when we "wrongly" dropped it. > >Further more I can't rely on RBL because a lot of my dyn IP address > >are regularily listed on different blacklist. > > Relying on other people to tell you that there is a problem on your > network is not a good idea. > > Sign up for feedback loops. Rate limit mail submissions or set up > triggers to identify abnormalities. You may also wish to do traffic > flow analysis to see what's going through your network. Indeed Flow analisys is something I didn't think about but which could be helpful regards > > Regards, > -sm >