ram wrote:
> On Tue, 2010-03-16 at 15:40 +0100, Vegard Svanberg wrote:
>> Hi,
>>
>> we are trying to mitigate the impact of having infected users, brute
>> force hacked webmail accounts etc. sending (large amounts of) outbound
>> spam. 
>>
>> The best idea we've come up with so far is to perform outbound spam
>> filtering following these rules (it's a bit more complicated than this,
>> but this is the big picture):
>>
>> - Spam scoring (Spamassassin). If spam:
>> - Put the mail on hold
>> - Add an iptables rule rejecting the IP
>> - Notify postmaster/abuse
>>
> 
> Also, 
> 
> * Implement ratelimits both inside postfix and in webmail

yes

> * Have strong password policies

well, this is a lost battle...

> * Sign up for Feedback loops and monitor the feedback address closely

this too.

> * In webmail write scripts to alert you if someone adds a large
> multiline signature 

and this one too.

> 
> 
> We tried blocking outbound spam using a commercial scanner but the FPs
> are far too many to be used in production. So we just alert a human on
> these spams and manually intervene if an account needs to be blocked.

do you mean you read someone else's mail? I find this unacceptable.

> Of course some spams do get through by the time :-( 

it's all about volume.
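
An added example, not code from anyone in this thread: a per-account volume alert of the kind the rate-limit and "alert a human" suggestions point at, built only on log metadata so no message content is read. It assumes the usual Postfix smtpd line carrying `sasl_username=` for authenticated submissions; the threshold, window, function name and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: host, queue IDs, users and IPs are made up.
SAMPLE_LOG = """\
Mar 16 15:00:00 mx postfix/smtpd[2101]: 1A00000001: client=unknown[192.0.2.20], sasl_method=PLAIN, sasl_username=carol@example.com
Mar 16 15:10:00 mx postfix/smtpd[2101]: 1A00000002: client=unknown[192.0.2.20], sasl_method=PLAIN, sasl_username=carol@example.com
Mar 16 15:20:00 mx postfix/smtpd[2101]: 1A00000003: client=unknown[192.0.2.20], sasl_method=PLAIN, sasl_username=carol@example.com
Mar 16 15:30:00 mx postfix/smtpd[2101]: 1A00000004: client=unknown[192.0.2.20], sasl_method=PLAIN, sasl_username=carol@example.com
Mar 16 15:35:00 mx postfix/smtpd[2102]: 2B00000001: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=alice@example.com
Mar 16 15:40:01 mx postfix/smtpd[2103]: 3C00000001: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=bob@example.com
Mar 16 15:40:03 mx postfix/smtpd[2103]: 3C00000002: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=bob@example.com
Mar 16 15:40:05 mx postfix/smtpd[2103]: 3C00000003: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=bob@example.com
Mar 16 15:40:07 mx postfix/smtpd[2104]: 3C00000004: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob@example.com
Mar 16 15:40:09 mx postfix/smtpd[2104]: 3C00000005: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob@example.com
"""

# Timestamp, queue ID, client IP and authenticated user from an smtpd line.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/smtpd\[\d+\]:\s"
    r"(?P<qid>[0-9A-F]+):\sclient=\S+\[(?P<ip>[^\]]+)\],"
    r".*\bsasl_username=(?P<user>\S+)"
)

def flag_heavy_senders(log_text, limit=3, window=timedelta(minutes=5), year=2010):
    """Return {sasl_username: {client IPs}} for accounts that submitted more
    than `limit` messages inside any sliding `window`. Syslog timestamps carry
    no year, so one is supplied (assumption: the log does not span New Year)."""
    recent = defaultdict(deque)   # user -> (timestamp, ip) still inside the window
    flagged = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # unauthenticated or unrelated line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["user"]]
        q.append((ts, m["ip"]))
        while ts - q[0][0] > window:   # drop submissions older than the window
            q.popleft()
        if len(q) > limit:
            flagged[m["user"]].update(ip for _, ip in q)
    return dict(flagged)

if __name__ == "__main__":
    for user, ips in flag_heavy_senders(SAMPLE_LOG).items():
        print(f"ALERT {user}: burst of authenticated mail from {sorted(ips)}")
```

The returned IP set is what a hold or firewall step would act on; an account seen from several client addresses inside one burst is worth a closer look before any block is applied.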
