Re: Filtering outbound mail
On 2017-02-17 (14:51 MST), David Jones wrote: > >> From: @lbutlr > .Sent: Friday, February 17, 2017 3:41 PM >> To: users@spamassassin.apache.org >> Subject: Re: Filtering outbound mail > >> On 2017-02-16 (07:21 MST), David Jones wrote: >>> From: Christian Grunfeld Sent: Thursday, February 16, 2017 7:50 AM To: Spamassassin List Subject: Re: Filtering outbound mail Are you using postfix as MTA? I use cluebringer suite which has a lot of functionality (spf checks, helo checks, greylist and quotas) >>> >>> I am using Postfix and cluebringer does looks pretty slick >>> so I will check into that. >>> Quotas are fully configurable by tracking inbound and outbound trafic by ip, sasl user, etc >>> >>> These outbound senders are my own internal customers >>> smarthosting through my mail relays so I can't do things >>> like rate limiting, greylisting, SPF checks, HELO checks, >>> etc. on them like I do for Internet inbound mail. > >> Oh yes you can, and yes you should. At the very least a >> sane rate-limit will catch instances where customers get >> compromised. > > Not all compromised accounts these days blast out at a > high rate like we used to see years ago. I have had a few > sneaky ones recently trickle spam through to stay below > the radar so rate-limiting is not the answer with outbound > mail I never said it was THE answer, but it most certainly is AN answer. -- Apple broke AppleScripting signatures in Mail.app, so no random signatures.
Re: Filtering outbound mail
Hi, >> I am using Postfix and cluebringer does looks pretty slick >> so I will check into that. Is that policyD? http://wiki.policyd.org/start It looks helpful, but hasn't had any development in at least two years. Thanks, Alex
Re: Filtering outbound mail
On Friday 17 Feb 2017 at 21:51, David Jones wrote: > Not all compromised accounts these days blast out at a high rate like we > used to see years ago. True, but also, some still do. > I have had a few sneaky ones recently trickle spam through to stay below > the radar so rate-limiting is not the answer with outbound mail It may not be *the* answer, but it's a good (and simple) addition as _part_ of the answer. > I was able to build a SQL query to catch the slow sending compromised > accounts. So far it looks reliable with a sane threshold. Just waiting for > another compromised account to see it trigger a block. Keep us updated. For some folks, though, a simple solution which helps with the worst offenders (as far as spam volume, and network bandwidth, are concerned) is worth more than effort of creating a more complicated filter. Antony. -- Salad is what food eats. Please reply to the list; please *don't* CC me.
Re: Filtering outbound mail
>From: @lbutlr .Sent: Friday, February 17, 2017 3:41 PM >To: users@spamassassin.apache.org >Subject: Re: Filtering outbound mail >On 2017-02-16 (07:21 MST), David Jones wrote: >> >>> From: Christian Grunfeld >>> Sent: Thursday, February 16, 2017 7:50 AM >>> To: Spamassassin List >>> Subject: Re: Filtering outbound mail >>> >>> Are you using postfix as MTA? I use cluebringer suite which >>> has a lot of functionality (spf checks, helo checks, greylist >>> and quotas) >> >> I am using Postfix and cluebringer does looks pretty slick >> so I will check into that. >> >>> Quotas are fully configurable by tracking inbound and >>> outbound trafic by ip, sasl user, etc >> >> These outbound senders are my own internal customers >> smarthosting through my mail relays so I can't do things >> like rate limiting, greylisting, SPF checks, HELO checks, >> etc. on them like I do for Internet inbound mail. >Oh yes you can, and yes you should. At the very least a >sane rate-limit will catch instances where customers get >compromised. Not all compromised accounts these days blast out at a high rate like we used to see years ago. I have had a few sneaky ones recently trickle spam through to stay below the radar so rate-limiting is not the answer with outbound mail I was able to build a SQL query to catch the slow sending compromised accounts. So far it looks reliable with a sane threshold. Just waiting for another compromised account to see it trigger a block. Dave
Re: Filtering outbound mail
On 2017-02-16 (07:21 MST), David Jones wrote: > >> From: Christian Grunfeld >> Sent: Thursday, February 16, 2017 7:50 AM >> To: Spamassassin List >> Subject: Re: Filtering outbound mail > >> Are you using postfix as MTA? I use cluebringer suite which >> has a lot of functionality (spf checks, helo checks, greylist >> and quotas) > > I am using Postfix and cluebringer does looks pretty slick > so I will check into that. > >> Quotas are fully configurable by tracking inbound and >> outbound trafic by ip, sasl user, etc > > These outbound senders are my own internal customers > smarthosting through my mail relays so I can't do things > like rate limiting, greylisting, SPF checks, HELO checks, > etc. on them like I do for Internet inbound mail. Oh yes you can, and yes you should. At the very least a sane rate-limit will catch instances where customers get compromised. -- Apple broke AppleScripting signatures in Mail.app, so no random signatures.