On 2006-10-25, at 1614, Ingo Claro wrote:
Jeff Koch escribió:

We are getting demands from large ISP's - Comcast, AOL, AT&T - that we spam filter all outgoing email. We're using simscan to filter incoming email but I think that misses email generated by our customers and autoresponders. Can it be accomplished by modifying /home/vpopmail/etc/tcp.smtp ?

How are other qmail users handling this?

i'm also interested in this feature. Have you found how to filter outgoing messages? for incoming messages I use maildrop

you can still use simscan. the trick is to make your customers send their mail through simscan.

i always did this by blocking outbound traffic to port 25/tcp at the router, unless the source IP was one of my mail servers. this leaves the users no choice but to use your mail server- and if all of your servers' SMTP services run the messages through simscan, all of your users' outgoing mail will be scanned while coming into your server, and your server will only send the "clean" mail out to the internet.

some users will grumble about it, but once they figure out how to change their settings, most of them will never have to mess with it again. you will find two types of people who need special handling:

- some users may be required to use a specific mail server at their office for outbound mail. these users should talk to their company's IT department about how to use an SMTP service on a port number other than 25- preferably one which requires AUTH, and is encrypted. if this is not available, make an exception in your filter which allows outbound traffic to port 25 on that company's SMTP server so that these employees can do their jobs, but you are still blocking outbound traffic to port 25 everywhere else in the world.

- spammers who can no longer send mail directly out... these users should die a slow painful death. forcing them to send their outbound mail through your server also allows you to easily track how much mail they're sending- and if your company charges a fee for "cleaning up after" a spammer (i always charged 10 cents per message) it makes it very easy to document how much spam they sent and know how much to charge them for your time dealing with other ISPs' complaints and getting your servers' IP addresses removed from the blacklists.

and yes, the cleanup fee does work, especially if you have a credit card number on file for a customer. we had a user who actually sent almost 3,500 messages out before i locked him out- we charged his credit card $349 and change, and when he tried to challenge it with his bank, we sent the bank a copy of our agreement and a list of the messages he sent- the bank ended up confirming the charge and we did get the money. (this was in florida, usa, the laws may be different where you are.)

| John M. Simpson - KG4ZOW - Programmer At Large |
| http://www.jms1.net/           <[EMAIL PROTECTED]> |
| Mac OS X proves that it's easier to make UNIX  |
| pretty than it is to make Windows secure.      |

Attachment: PGP.sig
Description: This is a digitally signed message part

Reply via email to