>From: Axb <axb.li...@gmail.com> >Sent: Thursday, February 16, 2017 4:54 AM >To: users@spamassassin.apache.org >Subject: Re: Filtering outbound mail >On 02/16/2017 11:07 AM, David Jones wrote: >> Would it make sense for me to setup/manage my own custom >> rules for checking the To: header or could the FreeMail plugin >> be extended to add new rules like FREEMAIL_TO?
>To block outbound bursts using SA is probably the most inneficient method. >Fai2ban is probably safer / easier to manage >Also, look into inbound rating per sender / IP & time period. I have implemented rate limiting and very accurate RBL checking on inbound mail. I can't do blocking with fail2ban or rate limiting on outbound customer mail since not all of them setup a dedicated NAT IP for their servers that send email so blocking an IP could have multiple servers behind that NAT IP. Our primary customers are K12 education and libraries which have automated software that blast out emails to parents and patrons for school attendance, grades, progress reports, and book overdue reports. I have whitelisted these types of emails with a SHORTCIRCUIT rule that is excluded from the compromised account detection. I guess I will setup/maintain my own FREEMAIL_TO rules but I thought that others would also have the same need. Maybe not. Seemed logical to extend the FreeMail plugin to add a few new rules. Dave