ram wrote:
> On Tue, 2010-03-16 at 15:40 +0100, Vegard Svanberg wrote:
>> Hi,
>>
>> we are trying to mitigate the impact of having infected users, brute
>> force hacked webmail accounts etc. sending (large amounts of) outbound
>> spam.
>>
>> The best idea we've come up with so far is to perform outbound spam
>> filtering following these rules (it's a bit more complicated than this,
>> but this is the big picture):
>>
>> - Spam scoring (Spamassassin). If spam:
>>   - Put the mail on hold
>>   - Add an iptables rule rejecting the IP
>>   - Notify postmaster/abuse
>>
>
> Also,
>
> * Implement ratelimits both inside postfix and in webmail

yes

> * Have strong password policies

well, this is a lost battle...

> * Sign up for Feedback loops and monitor the feedback address closely

this too.

> * In webmail write scripts to alert you if someone adds a large
> multiline signature

and this one too.

>
>
> We tried blocking outbound spam using a commercial scanner but the FP's
> are far too many to be used in production. So we just alert a human on
> these spams and manually intervene if account needs to be blocked.

do you mean you read someone else's mail? I find this unacceptable.

> Of course some spams do get through by the time :-(

it's all about volume.