Any anti-spam solution against outgoing mail?

[Monty Ree <ch...@hotmail.com>]

Hello, list.

I have used well SA with procmail well against incoming mail.
But there are lots of outgoing spam-mails using web programs or using 
sendmail at my server.
(There are several domains are hosted at the server.)
 
So is there any program like spamassassin which can filter against outgoing 
spam mail?
or any program which can limit sending spam-mail?

Please recommend any for me..

my system is linux and sendmail.


Thanks for your time..

_________________________________________________________________
메신저에서 문자를 바로 보내보세요 http://phonebuddy.msn.co.kr/ 

Re: Any anti-spam solution against outgoing mail?

[Ken A <ka...@pacific.net>]

Monty Ree wrote:
> Hello, list.
> 
> I have used well SA with procmail well against incoming mail.
> But there are lots of outgoing spam-mails using web programs or using 
> sendmail at my server.
> (There are several domains are hosted at the server.)
> 
> So is there any program like spamassassin which can filter against 
> outgoing spam mail?
> or any program which can limit sending spam-mail?
> 
> Please recommend any for me..
> 
> my system is linux and sendmail.

We push all our outgoing mail from hosting servers through one of our
mail gateways using sendmail's smarthost config.
In sendmail.mc:
define(`SMART_HOST',`smtp.your.provider')

This has several big benefits:

1. We can keep an eye on what hosting customers are sending,
whitelisting them as appropriate, and help them with any legit issues
they have with mass mailing (double opt in list mail ONLY!).

2. The hosting server doesn't have to do the work scanning the mail
since the gateway box runs MailScanner/SA/ClamAV, etc.

3. Any spammer, who finds the latest header injection hole in some php
script is quickly identified, since a milter or SpamAssassin usually
finds such mail quickly - we watch the logs and notify with Nagios of
any serious issue.

4. Also, you can block port 25 outgoing (and other outgoing ports as
appropriate) to anything BUT the mail gateway, so no smtp engines on the
web server are permitted.

As a side note, I'd recommend also monitoring your IP space for any RBL
listings, setting up TOS feedback loops with AOL, etc... All part of the
hosting business these days..

Ken A
Pacific.Net


> 
> Thanks for your time..
> 
> _________________________________________________________________
> 메신저에서 문자를 바로 보내보세요 http://phonebuddy.msn.co.kr/

Re: Any anti-spam solution against outgoing mail?

[maillist <ma...@emailacs.com>]

Ian Eiloart wrote:
>
>
> --On 26 December 2006 05:53:12 +0000 Monty Ree <ch...@hotmail.com> 
> wrote:
>
>> Hello, list.
>>
>> I have used well SA with procmail well against incoming mail.
>> But there are lots of outgoing spam-mails using web programs or using
>> sendmail at my server.
>> (There are several domains are hosted at the server.)
>>  So is there any program like spamassassin which can filter against
>> outgoing spam mail?
>> or any program which can limit sending spam-mail?
>>
>> Please recommend any for me..
>>
>> my system is linux and sendmail.
>>
>>
>
Mimedefang scans outgoing messages, and uses spamassassin.  
http://www.mimedefang.org/

-=Aubrey=-

Re: Any anti-spam solution against outgoing mail?

[ThinkAntiSpam <mr...@think-computers.com>]

We should have an out going spam filter functional by July 2007
www.think-antispam.com

hamann.w wrote:
> 
> Ian Eiloart wrote
> 
>>> 
>>> --On 26 December 2006 05:53:12 +0000 Monty Ree <ch...@hotmail.com>
>>> wrote:
>>> 
>>> > Hello, list.
>>> >
>>> > I have used well SA with procmail well against incoming mail.
>>> > But there are lots of outgoing spam-mails using web programs or using
>>> > sendmail at my server.
>>> > (There are several domains are hosted at the server.)
>>> >  So is there any program like spamassassin which can filter against
>>> > outgoing spam mail?
>>> > or any program which can limit sending spam-mail?
>>> >
>>> > Please recommend any for me..
>>> >
>>> > my system is linux and sendmail.
>>> >
>>> >
>>> 
>>> Don't use spamassassin for this. That's intended for use when you can't 
>>> police the sender.
>>> 
>>> First, use a firewall to force web applications to use your mail server, 
>>> and not connect directly to remote mail servers. Otherwise, you can't
>>> know 
>>> that you're even seeing all the email.
> 
> while I basically agree with you - and this measure will stop
> misconfigured web applications
> - there may be a need for direct connect.
> I am running an email verifier on a shopping website that tries to verify
> email addresses
> before customers submit their orders. Before that, I had almost 1% failed
> email addresses
> (which would not receive order confirmation, shipping confirmation, ...)
>>> 
>>> Then, require that web applications use a username and password to
>>> connect 
>>> to your host. The PHP class PHPMailer, for example, can do this. That
>>> way 
>>> you can trace offenders by checking the sender address.
>>> 
> 
> The average hosting client will not like to rewrite somebody else's mail
> script from mail() to
> something else. With qmail, defining QMAILHOST as the domain name in the
> apache config
> ensures that scripts calling mail() use a valid sender
> I have seen abuse where a mail sending php script was placed into /tmp
> area and executed.
> Mails generated from such script would originate from an admin or role
> account, so checking
> that such mails only go to specific recipients (and only mails from a
> valid customer domain
> are allowed outside) would create an additional line of defense
> 
>>> Require that sender addresses are not spoofed. That way the real sender 
>>> (well, the web application owner) can be held to account for
>>> misdemeanours.
>>> 
>>> Arrange that copies of emails are sent to you (and maybe the application 
>>> owner), perhaps stripped of the body, or at least notifications. That
>>> way, 
>>> you can get early alerts of abuse. You might want to rate-limit the
>>> sending 
>>> of email.
>>> 
>>> -- 
>>> Ian Eiloart
>>> IT Services, University of Sussex
>>> 
> 
> One additional suggestion: do not offer your hosting clients any
> preconfigured script that
> allows to specify the recipient via the web form. Rather provide a
> template where they will
> hardcode the recipient in the script
> 
> Wolfgang Hamann
> 
> 
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Any-anti-spam-solution-against-outgoing-mail--tf2881453.html#a10388989
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: Any anti-spam solution against outgoing mail?

[Ian Eiloart <ia...@sussex.ac.uk>]

--On 26 December 2006 05:53:12 +0000 Monty Ree <ch...@hotmail.com> wrote:

> Hello, list.
>
> I have used well SA with procmail well against incoming mail.
> But there are lots of outgoing spam-mails using web programs or using
> sendmail at my server.
> (There are several domains are hosted at the server.)
>  So is there any program like spamassassin which can filter against
> outgoing spam mail?
> or any program which can limit sending spam-mail?
>
> Please recommend any for me..
>
> my system is linux and sendmail.
>
>

Don't use spamassassin for this. That's intended for use when you can't 
police the sender.

First, use a firewall to force web applications to use your mail server, 
and not connect directly to remote mail servers. Otherwise, you can't know 
that you're even seeing all the email.

Then, require that web applications use a username and password to connect 
to your host. The PHP class PHPMailer, for example, can do this. That way 
you can trace offenders by checking the sender address.

Require that sender addresses are not spoofed. That way the real sender 
(well, the web application owner) can be held to account for misdemeanours.

Arrange that copies of emails are sent to you (and maybe the application 
owner), perhaps stripped of the body, or at least notifications. That way, 
you can get early alerts of abuse. You might want to rate-limit the sending 
of email.

-- 
Ian Eiloart
IT Services, University of Sussex

Re: Any anti-spam solution against outgoing mail?

[John Rudd <jr...@ucsc.edu>]

Monty Ree wrote:
> Hello, list.
> 
> I have used well SA with procmail well against incoming mail.
> But there are lots of outgoing spam-mails using web programs or using 
> sendmail at my server.
> (There are several domains are hosted at the server.)
> 
> So is there any program like spamassassin which can filter against 
> outgoing spam mail?

Well, spamassassin.

Spamassassin identifies spam.  Nothing more, nothing less.  The limit of
"only against incoming mail" is caused by calling spamassassin via
procmail.  If you use spamassassin via some other tool, it can be used
against outgoing mail as well.

For example, have all of your outgoing mail send to a separate smarthost
that is running sendmail+mimedefang  where mimedefang is invoking
spamassassin.  (if you run mimedefang on the same host as your web
programs, I believe they bypass milters ... so that's why I say "a
separate smarthost")


> or any program which can limit sending spam-mail?
> 
> Please recommend any for me..
> 
> my system is linux and sendmail.

I'd look into mimedefang.  Others might recommend the spamassassin
milter, or amavis.  Those are the milter options I'm aware of.  There's
also mailscanner.  All of those will work with sendmail on linux.

Though, you might also want to look into securing your web forms, and
enforcing an anti-spam policy among your customers (ie. reserve the
right to terminate contracts with customers who are generating spam, or
allowing their mail/web configurations to exist in a compromised state).