Date: Thu, 9 Feb 2006 14:44:34 -0800
From: Jon Simola <jon@abccomm.com>
To: freebsd-isp@freebsd.org
Subject: Re: Outbound mail filtering
Message-ID: <8eea04080602091444g662986dan4bbf2a4124dab1d9@mail.gmail.com>
In-Reply-To: <43EBB765.6060709@domainit.com>
References: <43EBB765.6060709@domainit.com>

On 2/9/06, Gregory T Pelle <gregp@domainit.com> wrote:

> What is the recommended setup for outbound spam filtering?

On your router, forward all port 25 connections to your filtering
server except those from your filtering server, as well as other
standard firewalling for a webserver. I'd also use some sort of
throttling to cut off any machines that exceed an amount that you set
per machine (big paying customer website vs $2/month cheap user).

I'd recommend qmail on the filtering machine (my preference, I've not
used anything else). I've used qmail-scanner before for spamassassin
and virus scanning, simscan is supposed to be just as good and maybe a
bit faster. Also check out the spamcontrol patch.

> I know I am not going to catch 100% of all spam, but I would like to
> catch most.
>
> I also plan on setting up firewall rules on the servers to block all
> outbound smtp traffic unless it is going to my filtering server.

I would do that on a router in front of the web servers, as compromise
of a webserver would most likely lead to the attacker disabling the
firewall to send spam. Separate tasks, web servers should serve web
pages, routers and firewalls should be separate from the servers
they're protecting.

> Any suggestions? Am I missing something?

Stuffing your servers into a DMZ makes things easier to secure and
harder to use.

--
Jon Simola
Systems Administrator
ABC Communications
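
One way to express the router-side setup described in the message above, as an added example that is not part of the original e-mail: a pf.conf fragment, assuming the router runs FreeBSD pf and that the web servers and the filtering server sit on separate router interfaces. All interface names, addresses and limits are constructed placeholders.

```conf
# Added example (constructed). Router between web servers, mail filter and uplink.
ext_if = "em0"           # uplink (assumed name)
web_if = "em1"           # web server segment (assumed name)
flt_if = "em2"           # filtering server segment (assumed name)
filter = "192.0.2.25"    # outbound mail filter (documentation address)

table <webservers>   { 198.51.100.0/24 }   # documentation range
table <smtp_abusers> persist               # filled by the overload rule below

# Translation: every SMTP connection leaving the web segment lands on the
# filter, whatever destination the web server asked for. The filter's own
# traffic arrives on $flt_if, so it is never redirected.
rdr on $web_if proto tcp from <webservers> to any port 25 -> $filter port 25

# Default deny, so nothing on the web servers can reach port 25 directly
# even if their local firewall has been switched off.
block log all

# Machines that tripped the throttle lose SMTP until an admin clears them.
block in quick on $web_if proto tcp from <smtp_abusers> to any port 25

# Web servers -> filter, throttled per source address. A higher-volume
# customer would get a second table and pass rule with larger limits.
pass in on $web_if proto tcp from <webservers> to $filter port 25 \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 30/60, \
     overload <smtp_abusers> flush global)
pass out on $flt_if proto tcp from <webservers> to $filter port 25 \
    flags S/SA keep state

# Only the filtering server may speak SMTP to the outside world.
pass in  on $flt_if proto tcp from $filter to any port 25 flags S/SA keep state
pass out on $ext_if proto tcp from $filter to any port 25 flags S/SA keep state
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -t smtp_abusers -T show` lists the machines the throttle has cut off.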