Hi, On Mon, 19.07.2010 at 09:43:20 -0600, Brian Godette <bgode...@idcomm.com> wrote: > I hope you realize you still need to deal with the issues of users > with weak/guessable passwords and phishing of account info as well > as the newer bots that recover account info from Outlook/Outlook > Express/Thunderbird.
this is true, BUT > Blocking outbound 25 from the rest of your network, and disallowing > submission to your MX on 25 from your network, does very little for > keeping your own MX from sending spam which is what SA on outgoing > SMTP would be for. It's great from a policy standpoint and contains > the "simple" bots, but for keeping your outbound from MX clean, not > so much. this measure makes it much easier to track down the spammers in your userbase, because the sent emails usually contain a header like "X-Authenticated: joe-sixpack-with-his-can-of-worms". Then you only have to verify that the spam report is legit, and then can simply block this user's account until they have cleaned their PC. Running SA on outbound is still a necessity, though. Kind regards, --Toni++
