I think you are in for a lot of pain. This is the view from my seat. If my company has a client that sends spam using my IP, then my IP earns a bad reputation and is blacklisted. Therefore, my other clients are blacklisted too, even if they do not send spam. If I do not solve the problem, then I will lose all of my clients and go bankrupt, eventually.
As a businessman with complaining clients, I must hire a *professional* consultant who gets under my skin and finally tells me what my problem *is* and how to solve it. None of us on this list can bear responsibility for your decisions. Out of curiosity, did you look for potential consultants? How much did they ask for wearing your problem?

On Fri, Mar 22, 2019 at 21:31, <bruno.carva...@xervers.pt> wrote:
> Thank you all for your suggestions.
> I will follow the path of using a whitelist and block everyone.
> I can track the IPs, but I thought I could put in place something like what OVH, for example, does (if their system detects spam being sent, the port on that IP is automatically blocked and the client alerted).
>
> Cheers
>
> Bruno Carvalho (CEO xervers) | +41 79 884 00 44
> Please consider the environment before printing this email
>
> -----Original Message-----
> From: Benny Pedersen <m...@junc.eu>
> Sent: Friday, March 22, 2019 20:55
> To: users@spamassassin.apache.org
> Subject: Re: Filtering at border routers: Is it possible?
>
> Anthony Hoppe wrote on 2019-03-22 18:23:
>> Not knowing the details of your environment...
>>
>> Instead of taking on the job of filtering email for all of your clients (this, to me, will open up a can of worms), why not set a policy that port 25 is blocked by default and customers must request for it to be unblocked?
>
> don't relay mail from port 25; mail there is for the final recipient only, not forwarded
>
>> You can then build a list of who may be using your services to send mail and better track if/when undesirable mail is sent from your network?
>
> ask customers to use port 587 or 465 as common practice
>
> but do require SASL auth on these ports, reject all else
>
> sadly I see MTAs try to use 587 and 465; I'd like to know which book they read
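
Added example, not part of the thread or any poster's own code: a minimal sketch of the "port 25 blocked by default, allowlist on request, track who sends" policy discussed above, applied to border flow records. The record layout, the function name `review_outbound_smtp` and the `max_destinations` threshold are assumptions made for illustration, and the sample flows are constructed from documentation address ranges.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample flow records: (customer source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.1", 25),   # allowlisted, low fan-out
    ("192.0.2.10", "198.51.100.2", 25),
    ("192.0.2.20", "198.51.100.5", 25),   # never requested port 25
    ("192.0.2.30", "198.51.100.1", 25),   # allowlisted, but high fan-out
    ("192.0.2.30", "198.51.100.2", 25),
    ("192.0.2.30", "198.51.100.3", 25),
    ("192.0.2.30", "198.51.100.4", 25),
    ("192.0.2.30", "198.51.100.5", 25),
    ("192.0.2.40", "198.51.100.9", 587),  # authenticated submission port, not port 25
]

# Customers who asked for port 25 to be unblocked (constructed).
SAMPLE_ALLOWLIST = ["192.0.2.10", "192.0.2.30"]


def review_outbound_smtp(flows, allowlist, max_destinations=3):
    """Return {source_ip: decision} for every source seen talking to port 25.

    block -> source is not on the allowlist (default policy)
    alert -> source is allowlisted but contacted more distinct mail
             servers than max_destinations (assumed threshold)
    allow -> source is allowlisted and within the threshold
    """
    allowed = {ip_address(a) for a in allowlist}
    destinations = defaultdict(set)
    for src, dst, port in flows:
        if port == 25:  # only direct MTA-to-MTA traffic is policed here
            destinations[ip_address(src)].add(ip_address(dst))

    decisions = {}
    for src, seen in destinations.items():
        if src not in allowed:
            decisions[str(src)] = "block"
        elif len(seen) > max_destinations:
            decisions[str(src)] = "alert"
        else:
            decisions[str(src)] = "allow"
    return decisions


if __name__ == "__main__":
    for ip, decision in sorted(review_outbound_smtp(SAMPLE_FLOWS, SAMPLE_ALLOWLIST).items()):
        print(ip, decision)
```
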