Detecting outgoing SPAM in postfix
Hello, Does anyone know if Postfix can detect outgoing SPAM, or more specifically bulk emails? I think a way to restrict or limit a hosted domain to sending only a few emails per hour would solve my problem. Many thanks, Stuart Stuart Bailey BSc (hons) CEng CITP MBCS LinuSoft (Managing Director) Linux Specialist & Software Developer ~~~~~~~~~~~~~~~~~~~~~~~ Phone: (0845) 658 3563 Direct: +44 (0) 1953 878162 Fax: +44 (0) 1603 858583 ~~~~~~~~~~~~~~~~~~~~~~~ http://www.linusoft.co.uk __________ Information from ESET Mail Security, version of virus signature database 7068 (20120419) __________ The message was checked by ESET Mail Security. http://www.eset.com
Stuart Bailey <stuart@linusoft.co.uk>
Does anyone know if Postfix can detect outgoing SPAM, or more specifically bulk emails? I think a way to restrict or limit a hosted domain to sending only a few emails per hour would solve my problem.
You could route the outgoing side of postfix through a spam scanner like amavis just like the incoming side often is, but I think rate limits can be set through the anvil. See TUNING_README, man anvil and man 5 postconf from the postfix packages. This sort of thing is where I start reaching for exim4 though... Hope that points in the right direction, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
On Fri, 20 Apr 2012 15:20:26 +0100 MJ Ray <mjr@phonecoop.coop> allegedly wrote:
You could route the outgoing side of postfix through a spam scanner like amavis just like the incoming side often is, but I think rate limits can be set through the anvil. See TUNING_README, man anvil and man 5 postconf from the postfix packages.
This sort of thing is where I start reaching for exim4 though...
Why (in all innocence)? I know little about exim. Does it approach the spam problem in a better way than postfix? Mick --------------------------------------------------------------------- blog: baldric.net fingerprint: E8D2 8882 F7AE DEB7 B2AA 9407 B9EA 82CC 1092 7423 ---------------------------------------------------------------------
On 20 Apr 20:59, mick wrote:
On Fri, 20 Apr 2012 15:20:26 +0100 MJ Ray <mjr@phonecoop.coop> allegedly wrote:
You could route the outgoing side of postfix through a spam scanner like amavis just like the incoming side often is, but I think rate limits can be set through the anvil. See TUNING_README, man anvil and man 5 postconf from the postfix packages.
This sort of thing is where I start reaching for exim4 though...
Why (in all innocence)? I know little about exim. Does it approach the spam problem in a better way than postfix?
Mostly, the reason for reaching for exim is that complicated configuration is easier and more clear in exim (in my experience, at any rate) - I tend to use exim everywhere that I can though, and only use postfix when doing things for work (because the setup is "relatively" simple in postfix). Cheers, -- Brett Parker
Brett Parker <iDunno@sommitrealweird.co.uk>
On 20 Apr 20:59, mick wrote:
Why (in all innocence)? I know little about exim. Does it approach the spam problem in a better way than postfix?
Mostly, the reason for reaching for exim is that complicated configuration is easier and more clear in exim (in my experience, at any rate) - I tend to use exim everywhere that I can though, and only use postfix when doing things for work (because the setup is "relatively" simple in postfix).
That's basically the same for me. What postfix can do easily, it does easily, but what postfix can't do easily is like slamming into a brick wall. Exim seems rather more complicated even in the sample case, but it has a more gradual increase in complexity and it seems to connect to everything if you want/need it to. For example, I've connected it to some really entertaining authentication systems... Hope that explains, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
On Mon, 23 Apr 2012 11:37:56 +0100 MJ Ray <mjr@phonecoop.coop> allegedly wrote:
Brett Parker <iDunno@sommitrealweird.co.uk>
On 20 Apr 20:59, mick wrote:
Why (in all innocence)? I know little about exim. Does it approach the spam problem in a better way than postfix?
Mostly, the reason for reaching for exim is that complicated configuration is easier and more clear in exim (in my experience, at any rate) - I tend to use exim everywhere that I can though, and only use postfix when doing things for work (because the setup is "relatively" simple in postfix).
That's basically the same for me. What postfix can do easily, it does easily, but what postfix can't do easily is like slamming into a brick wall. Exim seems rather more complicated even in the sample case, but it has a more gradual increase in complexity and it seems to connect to everything if you want/need it to. For example, I've connected it to some really entertaining authentication systems...
Hope that explains,
Thanks Guys. I may take a look at exim now. In the past I have ignored it because postfix just works and does what I want. Mick --------------------------------------------------------------------- blog: baldric.net fingerprint: E8D2 8882 F7AE DEB7 B2AA 9407 B9EA 82CC 1092 7423 ---------------------------------------------------------------------
On Thu, 19 Apr 2012 12:32:13 +0100 Stuart Bailey <stuart@linusoft.co.uk> allegedly wrote:
Hello, Does anyone know if Postfix can detect outgoing SPAM, or more specifically bulk emails? I think a way to restrict or limit a hosted domain to sending only a few emails per hour would solve my problem.
Stuart Do you use smtp authentication? Insisting on auth before relaying would probably cut down most bulk email attempts. There is a good list of howtos and addons at http://www.postfix.org/addon.html Mick --------------------------------------------------------------------- blog: baldric.net fingerprint: E8D2 8882 F7AE DEB7 B2AA 9407 B9EA 82CC 1092 7423 ---------------------------------------------------------------------
On Friday 20 April 2012 20:56:58 mick wrote:
On Thu, 19 Apr 2012 12:32:13 +0100
Stuart Bailey <stuart@linusoft.co.uk> allegedly wrote:
Hello, Does anyone know if Postfix can detect outgoing SPAM, or more specifically bulk emails? I think a way to restrict or limit a hosted domain to sending only a few emails per hour would solve my problem.
Stuart
Do you use smtp authentication? Insisting on auth before relaying would probably cut down most bulk email attempts.
There is a good list of howtos and addons at http://www.postfix.org/addon.html
Mick
Thanks Mick, The situation is I have a customer who is hosting emails for a number of domains (his customers). He has been hit in the past when one of his customers got infected with malware that started sending spam out. This led to his IP being recorded in numerous blacklists, causing problems for his other customers. So I will send outgoing emails via something like spamassassin, but not sure in SMTP AUTH will make much difference, since they are legitimate clients. Some way of limiting outgoing emails per user - as suggested in anvil - may work well. i'll report back when I've tried it. Thanks, Stuart Stuart Bailey BSc (hons) CEng CITP MBCS LinuSoft (Managing Director) Linux Specialist & Software Developer ~~~~~~~~~~~~~~~~~~~~~~~ Phone: (0845) 658 3563 Direct: +44 (0) 1953 878162 Fax: +44 (0) 1603 858583 ~~~~~~~~~~~~~~~~~~~~~~~ http://www.linusoft.co.uk __________ Information from ESET Mail Security, version of virus signature database 7073 (20120420) __________ The message was checked by ESET Mail Security. http://www.eset.com
Thanks Mick, The situation is I have a customer who is hosting emails for a number of domains (his customers). He has been hit in the past when one of his customers got infected with malware that started sending spam out. This led to his IP being recorded in numerous blacklists, causing problems for his other customers.
That's interesting as most of the time I have seen malware that sends spam it tries to send directly rather than using a smarthost/relay it has harvested from the infected pc's configuration. This is why in fact it is a very good idea to block SMTP outbound either from anything but your local MTA (if you are running one) or to anything other than the relay you are using. I think if you go the rate limit route you are going to have to end up setting it higher than you expect. It would only take a few conversations that say had 10 recipients, 5 of which are at your customers domain, if 3 of those fire back messages to all and do that a few times in an hour.....
participants (5)
-
Brett Parker -
mick -
MJ Ray -
Stuart Bailey -
Wayne Stallwood