Filter Outgoing Mail For Spam


Filter Outgoing Mail For Spam

Marcel Grandemange

What is the best way to filter OUTgoing mail for spam?

I have postfix with postgrey and quite a few rbl lists and restrictions.

Unfortunately this only takes care of some spam.

We have a network where sometimes clients' PCs can get infected and we want to avoid sending spam!

Advice welcome!


Re: Filter Outgoing Mail For Spam

Noel Jones-2
Marcel Grandemange wrote:

> What is the best way to filter OUTgoing mail for spam?
>
> I have postfix with postgrey and quite a few rbl lists and restrictions.
>
> Unfortunately this only takes care of some spam.
>
> We have a network where sometimes clients' PCs can get infected and we
> want to avoid sending spam!
>
> Advice welcome!
>

First, don't allow any client machines to send mail directly
to the internet.  Block outgoing connections to port 25 at
your firewall or router, allowing only official mail servers.

The best way to stop spam being sent from your mail server is
to require your users to authenticate when sending mail (and
maybe only accept from them on the "submission" port) and
require that the MAIL FROM matches the credentials used.  This
stops current viruses from successfully sending any mail.
This does take some work to set up, and requires additional
software - either dovecot or cyrus - to handle the authentication.
http://www.postfix.org/SASL_README.html
http://www.postfix.org/postconf.5.html#reject_authenticated_sender_login_mismatch
http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps

Or as a minimum you can require mail leaving your network to
use your own MAIL FROM.  This will block spam that forges the
sender, which is most current stuff.
# main.cf
smtpd_sender_restrictions =
   permit_auth_destination
   check_sender_access hash:/etc/postfix/allowed_sender_domains
   reject

Where allowed_sender_domains lists the permitted domain names
with OK.  Anything else is rejected.
example.com   OK
example.org   OK

Or use a policy service that limits the number of messages a
specific client can send.  Here's a popular one that works
well and has lots of other features:
http://policyd.sourceforge.net/

And finally, you can run everything through SpamAssassin (and
maybe clamav) using a milter or a content_filter.  Here's a
popular, robust content_filter for controlling SA and clamav:
http://www.ijs.si/software/amavisd/

BTW, scanning mail with clam is pretty painless using the
clamav-milter bundled with clamav.  I would recommend
considering using clam regardless of what other filtering
methods you use.
http://clamav.net/
And once you have clam running, get the Sanesecurity add-on
signatures, which do a great job of catching those pesky
phishing and scam mails.
http://sanesecurity.co.uk/clamav/usage.htm

--
Noel Jones


RE: Filter Outgoing Mail For Spam

Marcel Grandemange
> What is the best way to filter OUTgoing mail for spam?
>
> I have postfix with postgrey and quite a few rbl lists and restrictions.
>
> Unfortunately this only takes care of some spam.
>
> We have a network where sometimes clients' PCs can get infected and we
> want to avoid sending spam!
>
> Advice welcome!
>

>First, don't allow any client machines to send mail directly
>to the internet.  Block outgoing connections to port 25 at
>your firewall or router, allowing only official mail servers.

This we cannot do as we are a small WISP and many clients need to connect
directly to their own mail servers.
What we have done is force all outgoing mail through our server for relaying
for control and logging at least.

>The best way to stop spam being sent from your mail server is
>to require your users to authenticate when sending mail (and
>maybe only accept from them on the "submission" port) and
>require that the MAIL FROM matches the credentials used.  This
>stops current viruses from successfully sending any mail.
>This does take some work to set up, and requires additional
>software - either dovecot or cyrus - to handle the authentication.
>http://www.postfix.org/SASL_README.html
>http://www.postfix.org/postconf.5.html#reject_authenticated_sender_login_mismatch
>http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps

Although it's a bit outdated we use pop-before-smtp, but here again we need
to "trust" internal users to allow them to relay to be able
to use their own servers without needing even a valid e-mail account from
us.

>Or as a minimum you can require mail leaving your network to
>use your own MAIL FROM.  This will block spam that forges the
>sender, which is most current stuff.
># main.cf
>smtpd_sender_restrictions =
>   permit_auth_destination
>   check_sender_access hash:/etc/postfix/allowed_sender_domains
>   reject

Here again we would actually hamper users from using their external mail
accounts.

>Where allowed_sender_domains lists the permitted domain names
>with OK.  Anything else is rejected.
>example.com   OK
>example.org   OK

>Or use a policy service that limits the number of messages a
>specific client can send.  Here's a popular one that works
>well and has lots of other features:
>http://policyd.sourceforge.net/


That's what I thought postgrey did?

>And finally, you can run everything through SpamAssassin (and
>maybe clamav) using a milter or a content_filter.  Here's a
>popular, robust content_filter for controlling SA and clamav:
>http://www.ijs.si/software/amavisd/

I forgot to mention but I do use clamav with clamsmtp, however haven't got
spamassassin running as, as far as I knew, it
only "marks" possible spams and this won't help with outgoing mail...
Input?

>BTW, scanning mail with clam is pretty painless using the
>clamav-milter bundled with clamav.  I would recommend
>considering using clam regardless of what other filtering
>methods you use.
>http://clamav.net/
>And once you have clam running, get the Sanesecurity add-on
>signatures, which do a great job of catching those pesky
>phishing and scam mails.
>http://sanesecurity.co.uk/clamav/usage.htm


Like I said using clamav already although going to do some reading on
Sanesecurity!
Thank You!

--
Noel Jones





Re: Filter Outgoing Mail For Spam

Sahil Tandon
Marcel Grandemange <[hidden email]> wrote:

> >Or use a policy service that limits the number of messages a
> >specific client can send.  Here's a popular one that works
> >well and has lots of other features:
> >http://policyd.sourceforge.net/
>  
> That's what I thought postgrey did?

No, postgrey does greylisting; see the web site linked above; policyd is
different.  You may want to also explore postfwd and policyd-weight.

--
Sahil Tandon <[hidden email]>
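
Added example, not part of the thread and not policyd's or postfwd's own code: a sketch of the decision logic behind a rate-limiting policy service, to show how it differs from greylisting. It parses one request in the Postfix policy delegation format and defers a client that exceeds a per-window recipient count. The limit, window, function names, reply text, in-memory history and the choice to count each RCPT TO are assumptions made for illustration.

```python
from collections import deque

MAX_RCPTS = 3      # assumed limit, kept tiny so the sample below trips it
WINDOW_SECS = 60   # assumed sliding window

SAMPLE = (  # constructed request in the Postfix policy delegation format
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=192.0.2.10\n"
    "sender=user@example.com\n"
    "recipient=someone@example.net\n"
    "\n"
)

def parse_request(text):
    """Parse name=value attribute lines; an empty line ends the request."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs, history, now):
    """Return the policy reply for one request; history maps key -> deque."""
    if attrs.get("protocol_state") != "RCPT":
        return "action=DUNNO\n\n"
    # Key on the login when there is one, otherwise on the client IP address.
    key = attrs.get("sasl_username") or attrs.get("client_address", "unknown")
    stamps = history.setdefault(key, deque())
    while stamps and now - stamps[0] >= WINDOW_SECS:
        stamps.popleft()          # forget recipients older than the window
    if len(stamps) >= MAX_RCPTS:
        return (
            "action=DEFER_IF_PERMIT Sending rate limit exceeded, retry later\n\n"
        )
    stamps.append(now)
    return "action=DUNNO\n\n"     # no opinion: later restrictions still apply

def demo():
    """Replay the sample request five times within one second."""
    attrs, history = parse_request(SAMPLE), {}
    return [decide(attrs, history, 1000.0 + i * 0.2).split()[0] for i in range(5)]
```

Postfix consults a service of this kind through check_policy_service in an smtpd restriction list, as described in SMTPD_POLICY_README. A deployed service also needs the counters kept somewhere all of its processes can share.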