>Hi,
>
>I am trying to find a solution to a setup, where I want to make sure that
>infected machines on the inner side (MYNETWORKS) aren't able to push
>out big amounts of SPAM.
>
>I have full control on SPAM coming from outside but want to have a mechanism
>that can detect this situation primarily to avoid being blacklisted.
>
>This is a University Environment and it is not a solution to discard outgoing
>SPAM primarily because just one positive could stop that application a
>scientist has sent to apply for funds to his research project and this they
>normally do in the last minute.
>
>Normally outgoing SPAM isn't a problem but when a server/client gets hacked
>this becomes a serious problem.

I solved this problem at the envelope level with postfwd, rather than wasting 
enormous machine resources stupidly content-scanning each of 10s of 1000s spam 
from an attacker with a cracked password.  

After sender-whitelisting senders who are legit volume senders, I use postfwd
sender rate limiting to HOLD any sender who sends more than 50 msgs in 8 hours.
If the msgs are spam, I delete them. If legit sender, I add the sender to the
whitelist file and release the msgs.

Len
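
The envelope-level decision described in the reply above, modelled as an added example (not code from the post and not postfwd's own implementation). It parses Postfix policy-delegation requests, skips whitelisted senders and answers HOLD once a sender exceeds 50 messages in 8 hours. The sliding window, one request per message, and the `uni.example` addresses are assumptions made for the illustration.

```python
from collections import defaultdict, deque

LIMIT = 50             # messages allowed per sender per window (from the post)
WINDOW = 8 * 3600      # 8 hours, in seconds (from the post)

def parse_request(text):
    """Parse one Postfix policy-delegation request (name=value lines)."""
    attrs = {}
    for line in text.strip().splitlines():
        name, sep, value = line.partition("=")
        if sep:
            attrs[name.strip()] = value.strip()
    return attrs

class SenderRateLimiter:
    def __init__(self, whitelist, limit=LIMIT, window=WINDOW):
        self.whitelist = {s.lower() for s in whitelist}
        self.limit, self.window = limit, window
        self.seen = defaultdict(deque)   # sender -> timestamps inside window

    def decide(self, request_text, now):
        sender = parse_request(request_text).get("sender", "").lower()
        if sender in self.whitelist:
            return "DUNNO"               # legit volume sender: never counted
        stamps = self.seen[sender]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()             # expire entries older than the window
        stamps.append(now)
        # The post holds "more than 50", so message 51 is the first one held.
        return "HOLD" if len(stamps) > self.limit else "DUNNO"

def simulate():
    """Constructed traffic: a list server, a normal user, a cracked account."""
    rl = SenderRateLimiter(whitelist=["lists@uni.example"])
    req = "request=smtpd_access_policy\nprotocol_state=RCPT\nsender={}\n\n"
    out = {"lists": [], "cracked": [], "normal": []}
    for i in range(200):                 # one message every 10 seconds
        out["lists"].append(rl.decide(req.format("lists@uni.example"), i * 10))
        out["cracked"].append(rl.decide(req.format("victim@uni.example"), i * 10))
    for i in range(60):                  # one message per hour for 60 hours
        out["normal"].append(rl.decide(req.format("prof@uni.example"), i * 3600))
    return {name: actions.count("HOLD") for name, actions in out.items()}

if __name__ == "__main__":
    print(simulate())
```

Held messages stay in the Postfix hold queue for manual review, so a false positive delays a legitimate message instead of discarding it.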






_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/amavis-user 
 Please visit http://www.ijs.si/software/amavisd/ regularly
 For administrativa requests please send email to rainer at openantivirus dot 
org
