From: mouss on
Alex wrote:
> Hello
>
> This is my first post on this list. I have an atypical configuration like:
> - an MX server for inbound mails; this server is configured with virtual
> domains, graylisting, antivirus and antispam for all incoming mails; it
> is also used by my users as a pop/imap/smtp server.
> - all emails originating from my users (authenticated users) are relayed
> to other servers. On these outgoing servers I have 3 to 8 postfix
> instances on different IPs. Each instance has a dedicated transport
> for servers like yahoo, hotmail etc.
> Basically, if one of my users wants to send an email outside, it must
> authenticate to the smtp server. The smtp server relays that message to
> one gateway server (round-robin fashion) and the gateway server sends the
> message to the destination.
> What I am trying to do is scan all outbound emails (I have a few
> situations in which a mail account was owned by spammers and used to send
> spam). The scanner must be on the gateway servers, not on the smtp server,
> because it can't take any more load.
> About scanning software: on the incoming server I use spamassassin
> invoked from maildrop. On the gateway servers I am trying to use something
> lighter and I read about dspam.
> I have a few questions for you:
> - how can I use dspam or any other scanning software on my gateway
> servers (multiple instance configuration)?

Most statistical anti-spam filters assume an inbound model. you can use
a "global" bayes setup, but then I don't think you'll benefit from
dspam/bogo/...

spamassassin has "heuristic" rules, which may be helpful.



> - is dspam a good choice?

statistical filtering is easier for inbound mail. for outbound mail, it
will cause problems. rate limiting and "anomaly detection" are a better
choice.

From: Eero Volotinen on

> statistical filtering is easier for inbound mail. for outbound mail, it
> will cause problems. rate limiting and "anomaly detection" are a better
> choice.

Next question: how to implement both on postfix?

--
Eero

From: Egoitz Aurrekoetxea Aurre on
I'm working on one project for achieving this implementation. Perhaps
in two months or probably three I'll have it ready. It will use BSD
license.

:) bye!!!
On 06/11/2009, at 23:58, Eero Volotinen wrote:

>
>> statistical filtering is easier for inbound mail. for outbound mail, it
>> will cause problems. rate limiting and "anomaly detection" are a better
>> choice.
>
> Next question: how to implement both on postfix?
>
> --
> Eero
>
>

From: Phill Macey on
2009/11/7 mouss <mouss(a)ml.netoyen.net>:
> Alex wrote:
>> Hello
>>
>> This is my first post on this list. I have an atypical configuration like:
>> - an MX server for inbound mails; this server is configured with virtual
>> domains, graylisting, antivirus and antispam for all incoming mails; it
>> is also used by my users as a pop/imap/smtp server.
>> - all emails originating from my users (authenticated users) are relayed
>> to other servers. On these outgoing servers I have 3 to 8 postfix
>> instances on different IPs. Each instance has a dedicated transport
>> for servers like yahoo, hotmail etc.
>> Basically, if one of my users wants to send an email outside, it must
>> authenticate to the smtp server. The smtp server relays that message to
>> one gateway server (round-robin fashion) and the gateway server sends the
>> message to the destination.
>> What I am trying to do is scan all outbound emails (I have a few
>> situations in which a mail account was owned by spammers and used to send
>> spam). The scanner must be on the gateway servers, not on the smtp server,
>> because it can't take any more load.
>> About scanning software: on the incoming server I use spamassassin
>> invoked from maildrop. On the gateway servers I am trying to use something
>> lighter and I read about dspam.
>> I have a few questions for you:
>> - how can I use dspam or any other scanning software on my gateway
>> servers (multiple instance configuration)?
>
> Most statistical anti-spam filters assume an inbound model. you can use
> a "global" bayes setup, but then I don't think you'll benefit from
> dspam/bogo/...
>

Could you turn the outgoing mail around and make it inbound mail as
well? e.g. Could you make use of 'always_bcc' to copy all outgoing
messages to an address on another postfix instance somewhere and then
run the spam filtering over the incoming mail on that instance? Tell
the spam filter to throw away all the real mail and keep all the spam
- which would be nothing if all goes well. Presumably all the host/ip
address based filters would be fairly useless in that setup -
assuming it is doable in the first place.

It wouldn't prevent the spam from going out, but would allow you to
detect it easily if/when it happens again. (I suppose you could script
something up to automatically add the sender to a blacklist as soon as
a message appears)



--
Phill

From: mouss on
Phill Macey wrote:
> 2009/11/7 mouss <mouss(a)ml.netoyen.net>:
>>
>> Most statistical anti-spam filters assume an inbound model. you can use
>> a "global" bayes setup, but then I don't think you'll benefit from
>> dspam/bogo/...
>>
>
> Could you turn the outgoing mail around and make it inbound mail as
> well? [snip]

no, the problem is related to training. in the case of inbound mail,
statistical filters use the fact that a given user (or a given set of
users) receives mail whose characteristics can be learned if you have a
sufficient corpus (of ham and spam).

you can still use this for outbound mail, with a global "dictionary"
(site wide setup). but
- nobody is going to feed back "false negatives" (missed spam)
- who is going to feed back "false positives"? how? while feasible, this
is not a simple problem.

that said, you can still run spamassassin and have a log parser to detect
problems: some user suddenly sends a lot of mail that gets tagged as
spam... etc.

definitely not a simple problem...
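
The log-parser idea from the last message, as an added example that is not part of the original thread: it covers the volume side of the "anomaly detection" suggestion by flagging any authenticated login whose recipient count inside a sliding window exceeds a limit. Assumptions: it reads the log of the server where users authenticate (Postfix `smtpd` logs `sasl_username` there), short hexadecimal queue IDs, classic syslog timestamps, and the names `find_bursts`, `sample_log`, the 10-minute window and the 50-recipient limit are illustrative.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# smtpd logs the SASL login per queue ID; qmgr logs that message's recipient count.
AUTH_RE = re.compile(r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=.*sasl_username=(?P<user>[^,\s]+)")
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<[^>]*>, size=\d+, nrcpt=(?P<nrcpt>\d+)")

def parse_time(line, year):
    # Classic syslog timestamps carry no year, so the caller supplies it.
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")

def find_bursts(lines, year=2009, window=timedelta(minutes=10), max_rcpts=50):
    """Return {login: peak recipients inside one window} for logins above max_rcpts."""
    qid_user, flagged = {}, {}
    recent = defaultdict(deque)      # login -> (time, nrcpt) entries still in the window
    totals = defaultdict(int)        # login -> recipients currently in the window
    for line in lines:
        m = AUTH_RE.search(line)
        if m:
            qid_user[m["qid"]] = m["user"]
            continue
        m = QMGR_RE.search(line)
        if not m or m["qid"] not in qid_user:
            continue
        # pop(): qmgr logs the same line again on every retry; count a message once.
        user = qid_user.pop(m["qid"])
        now, n = parse_time(line, year), int(m["nrcpt"])
        recent[user].append((now, n))
        totals[user] += n
        while recent[user][0][0] <= now - window:
            totals[user] -= recent[user].popleft()[1]
        if totals[user] > max_rcpts:
            flagged[user] = max(flagged.get(user, 0), totals[user])
    return flagged

def sample_log():
    # Constructed sample lines in Postfix's log layout (hosts, logins and IDs are made up).
    out = []
    def msg(ts, qid, user, nrcpt):
        out.append(f"Nov  6 {ts} mx1 postfix/smtpd[2101]: {qid}: client=unknown[192.0.2.10], "
                   f"sasl_method=PLAIN, sasl_username={user}")
        out.append(f"Nov  6 {ts} mx1 postfix/qmgr[1999]: {qid}: from=<{user}@example.com>, "
                   f"size=2048, nrcpt={nrcpt} (queue active)")
    msg("23:00:05", "A11CE00001", "alice", 2)
    msg("23:05:00", "A11CE00002", "alice", 3)
    for i in range(4):               # four 20-recipient messages in four minutes
        msg(f"23:1{i}:00", f"B0B000000{i}", "bob", 20)
    out.append(out[-1])              # a retry of bob's last message, must not be recounted
    return out

if __name__ == "__main__":
    print(find_bursts(sample_log()))
```

Counting messages that spamassassin tagged as spam, as the message suggests, would need the same per-login correlation with the scanner's verdict joined in.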