--On 26 December 2006 05:53:12 +0000 Monty Ree <[EMAIL PROTECTED]> wrote:
Hello, list. I have used well SA with procmail well against incoming mail. But there are lots of outgoing spam-mails using web programs or using sendmail at my server. (There are several domains are hosted at the server.) So is there any program like spamassassin which can filter against outgoing spam mail? or any program which can limit sending spam-mail? Please recommend any for me.. my system is linux and sendmail.
Don't use spamassassin for this. That's intended for use when you can't police the sender.
First, use a firewall to force web applications to use your mail server, and not connect directly to remote mail servers. Otherwise, you can't know that you're even seeing all the email.
Then, require that web applications use a username and password to connect to your host. The PHP class PHPMailer, for example, can do this. That way you can trace offenders by checking the sender address.
Require that sender addresses are not spoofed. That way the real sender (well, the web application owner) can be held to account for misdemeanours.
Arrange that copies of emails are sent to you (and maybe the application owner), perhaps stripped of the body, or at least notifications. That way, you can get early alerts of abuse. You might want to rate-limit the sending of email.
-- Ian Eiloart IT Services, University of Sussex
