Il 23 marzo 2019 12:53:52 CET, Giovanni Bechis <giova...@paclan.it> ha scritto: >Il 22 marzo 2019 21:31:40 CET, bruno.carva...@xervers.pt ha scritto: >>Thank you all for your suggestions. >>I will follow the path of using a whitelist and block everyone. >>I can track the IPs, but i taught i could put in place something (like >>OVH by example) do (If their system detects spam being sent, the port >>on that ip is automatically blocked and the client alerted). >> >>Cheers >> >> >>Bruno Carvalho (CEO xervers) | +41 79 884 00 44 >> Please consider the environment before printing this email >> >> >> >> >>-----Mensagem original----- >>De: Benny Pedersen <m...@junc.eu> >>Enviada: sexta-feira, 22 de março de 2019 20:55 >>Para: users@spamassassin.apache.org >>Assunto: Re: Filtering at border routers: Is it possible? >> >>Anthony Hoppe skrev den 2019-03-22 18:23: >>> Not knowing the details of your environment... >>> >>> Instead of taking on the job of filtering email for all of your >>> clients (this, to me, will open up a can of worms), why not set a >>> policy that port 25 is blocked by default and customers must request > >>> for it to be unblocked? >> >>dont relay mail from port 25, mails there is final recipient only, not >>forwared >> >>> You can then build a list of who may be using your services to send >>> mail and better track if/when undesirable mail is sent from your >>> network? >> >>ask custommers to use port 587 or 465 as common pratice >> >>but do require sasl auth on this ports, reject all else >> >>sadly i see mtas try to use 587, and 465, i like to know with book >thay >>read > >Hi, >this is what OVH does (article in french, sorry): >https://www.numerama.com/magazine/26297-ovh-copie-et-analyse-tous-les-e-mails-sortant-de-ses-serveurs.html > Giovanni
In short you should duplicate outbound smtp traffic to a dedicated box that will analyze traffic and drop all emails. This can be done with amavisd and SA. Then you should do some accounting and you should find the correct way to integrate this with your corporate firewalls to block offending ip addresses. Giovanni
