Using Ratelimit in Exim MTA and plugin "Restrict Senders" in Squirrelmail slows them down. Spammers need to send out a large number of messages to get any payback. Limiting the number they can send with a compromised account really makes that account of no value to them.

Matt

On Sun, Mar 1, 2009 at 7:47 AM, giga328 <giga...@hotmail.com> wrote:
>
> Hi all,
>
> We have some strong spam attacks done by a combination of our webmail, viruses
> and open proxies.
>
> Situation is like this:
> Our outgoing SMTP server is open only for users from our IP addresses and is
> filtered for the rest of the world. Our webmail interface is open to the whole world
> as our users need to access it from anywhere (of course they have to log in
> first).
> Spammers are stealing passwords from some of our users by using viruses
> (passwords are stolen, not guessed or brute force cracked).
> Spammers have an application which is able to authenticate to our webmail
> interface and post email :)
>
> After posting email through the webmail interface, the message is routed to our outgoing
> SMTP server. It is scanned by spamd from SpamAssassin but it gets a low score.
> The low score is from tests ALL_TRUSTED and/or BAYES_xx and/or AWL.
> I'm not sure if we can remove the webmail IP address from trusted networks
> because we can get too many false positives by doing that (as we had in the
> past).
> For low scores BAYES_xx I have an idea to lower default scores in cf. Any other
> idea?
> For the AWL problem I have one question. If I understood right, AWL is based on
> the From address. Is it possible to quickly change the algorithm of AWL to be based on
> a unique combination of From and To addresses? Or maybe on an even more complicated
> Header-From, Header-To, Envelope-From, Envelope-To tuple? In that way AWL
> will much better track habits of users.
>
> Or if anybody had the same problems I'm open to any suggestions.
>
> Regards,
> Giga
>
> --
> View this message in context:
> http://www.nabble.com/Webmail-spammers-tp22273077p22273077.html
> Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
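
The per-account limit suggested in the reply above, sketched as an added example that is not part of the original thread and is not Exim or SquirrelMail code. The class and function names, the limit of 50 recipients per hour and the sample submissions are all assumptions made for illustration.

```python
from collections import defaultdict, deque

class AccountRateLimiter:
    """Hypothetical sliding-window cap on recipients per webmail login."""

    def __init__(self, max_rcpts, window_secs):
        self.max_rcpts = max_rcpts
        self.window_secs = window_secs
        self._events = defaultdict(deque)  # account -> (timestamp, rcpts) in window
        self._totals = defaultdict(int)    # account -> recipients inside window

    def allow(self, account, ts, rcpts):
        q = self._events[account]
        # Expire accepted submissions that have left the window.
        while q and q[0][0] <= ts - self.window_secs:
            self._totals[account] -= q.popleft()[1]
        if self._totals[account] + rcpts > self.max_rcpts:
            return False                   # rejected mail does not consume quota
        q.append((ts, rcpts))
        self._totals[account] += rcpts
        return True

def replay(submissions, max_rcpts=50, window_secs=3600):
    """Feed (ts, account, rcpts) records through the limiter, in time order."""
    limiter = AccountRateLimiter(max_rcpts, window_secs)
    accepted, rejected = defaultdict(int), defaultdict(int)
    for ts, account, rcpts in sorted(submissions):
        bucket = accepted if limiter.allow(account, ts, rcpts) else rejected
        bucket[account] += rcpts
    return dict(accepted), dict(rejected)

# Constructed sample: (unix_seconds, webmail_login, recipient_count)
SAMPLE = (
    [(60 * i, "alice", 2) for i in range(10)]   # ordinary user: 20 rcpts in 10 min
    + [(5 * i, "bob", 25) for i in range(40)]   # stolen login: 1000 rcpts in ~3 min
)

if __name__ == "__main__":
    accepted, rejected = replay(SAMPLE)
    print("accepted:", accepted)
    print("rejected:", rejected)   # accounts listed here are candidates for a password reset
```

Because the key is the authenticated login rather than the webmail server's IP address, the cap still applies when every message reaches the outgoing SMTP server from the same trusted host.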