Outbound mail filtering
Gregory T Pelle
gregp at domainit.com
Fri Feb 10 06:42:21 PST 2006
Jon Simola wrote:
>On 2/9/06, Gregory T Pelle <gregp at domainit.com> wrote:
>
>>What is the recommended setup for outbound spam filtering?
>
>On your router, forward all port 25 connections to your filtering
>server except those from your filtering server, as well as other
>standard firewalling for a webserver. I'd also use some sort of
>throttling to cut off any machines that exceed an amount that you set
>per machine (big paying customer website vs $2/month cheap user).
>
>I'd recommend qmail on the filtering machine (my preference, I've not
>used anything else). I've used qmail-scanner before for spamassassin
>and virus scanning, simscan is supposed to be just as good and maybe a
>bit faster. Also check out the spamcontrol patch.
>
After your setup has determined that the mail is spam, what do you use
to quarantine it? In my testbed, I have a setup using sendmail, clamav,
and spamassassin that classifies the mail, but does not perform the
quarantine function. The tools that I have found to quarantine email
expect that the mail is going to be delivered to your users (which in
this instance is not always the case).
>>I know I am not going to catch 100% of all spam, but I would like to
>>catch most.
>>
>>I also plan on setting up firewall rules on the servers to block all
>>outbound smtp traffic unless it is going to my filtering server.
>
>I would do that on a router in front of the web servers, as compromise
>of a webserver would most likely lead to the attacker disabling the
>firewall to send spam. Separate tasks, web servers should serve web
>pages, routers and firewalls should be separate from the servers
>they're protecting.
>
I would agree that a router would be more secure, but I am limited to
what hardware I have on hand.
>>Any suggestions? Am I missing something?
>
>Stuffing your servers into a DMZ makes things easier to secure and
>harder to use.
>
>--
>Jon Simola
>Systems Administrator
>ABC Communications
>
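
The router-side setup discussed in this thread (redirect all port 25 traffic to the filtering server, allow only the filter to send mail out, throttle per machine), written as a pf.conf for a FreeBSD router. This is an added example, not configuration posted by either participant; it assumes pf is the firewall and the filter sits on its own segment, and every interface name, address and limit is constructed.

```conf
# pf.conf sketch for a FreeBSD router in front of the web servers.
# All interface names, addresses and limits are constructed for illustration.
ext_if  = "em0"                 # uplink
web_if  = "em1"                 # segment holding the web servers
flt_if  = "em2"                 # segment holding the filtering server
filter  = "192.0.2.25"          # outbound filtering server
premium = "{ 198.51.100.10 }"   # high-volume customer hosts
webnet  = "198.51.100.0/24"     # all web servers

table <smtp_overlimit> persist  # hosts that exceeded their SMTP limit

# Translation: every port 25 connection from a web server lands on the
# filter, whatever destination the server asked for.
rdr on $web_if proto tcp from $webnet to any port 25 -> $filter port 25

block log all

# Hosts that tripped a limit lose SMTP until an operator clears the table.
block in log quick on $web_if proto tcp from <smtp_overlimit> to any port 25

# Per-host throttles. pf counts connections, not messages, so these only
# approximate a per-machine mail limit.
pass in quick on $web_if proto tcp from $premium to $filter port 25 \
    flags S/SA keep state \
    (max-src-conn 20, max-src-conn-rate 120/60, overload <smtp_overlimit> flush)
pass in quick on $web_if proto tcp from $webnet to $filter port 25 \
    flags S/SA keep state \
    (max-src-conn 5, max-src-conn-rate 15/60, overload <smtp_overlimit> flush)

# Let the redirected connections out toward the filter.
pass out quick on $flt_if proto tcp from $webnet to $filter port 25 keep state

# Only the filter may speak SMTP to the outside world.
pass in  quick on $flt_if proto tcp from $filter to any port 25 keep state
pass out quick on $ext_if proto tcp from $filter to any port 25 keep state

# Web traffic to the servers.
pass in  quick on $ext_if proto tcp from any to $webnet port { 80, 443 } keep state
pass out quick on $web_if proto tcp from any to $webnet port { 80, 443 } keep state
```

`pfctl -t smtp_overlimit -T show` lists the hosts that have been cut off, and `pfctl -t smtp_overlimit -T flush` restores them.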