Date: Fri, 10 Feb 2006 09:42:18 -0500
From: Gregory T Pelle <gregp@domainit.com>
To: freebsd-isp@freebsd.org
Subject: Re: Outbound mail filtering
Message-ID: <43ECA64A.3000908@domainit.com>
In-Reply-To: <8eea04080602091444g662986dan4bbf2a4124dab1d9@mail.gmail.com>
References: <43EBB765.6060709@domainit.com> <8eea04080602091444g662986dan4bbf2a4124dab1d9@mail.gmail.com>

Jon Simola wrote:

>On 2/9/06, Gregory T Pelle <gregp@domainit.com> wrote:
>
>>What is the recommended setup for outbound spam filtering?
>
>On your router, forward all port 25 connections to your filtering
>server except those from your filtering server, as well as other
>standard firewalling for a webserver. I'd also use some sort of
>throttling to cut off any machines that exceed an amount that you set
>per machine (big paying customer website vs $2/month cheap user).
>
>I'd recommend qmail on the filtering machine (my preference, I've not
>used anything else). I've used qmail-scanner before for spamassassin
>and virus scanning, simscan is supposed to be just as good and maybe a
>bit faster. Also check out the spamcontrol patch.

After your setup has determined that the mail is spam, what do you use
to quarantine it? In my testbed, I have a setup using sendmail, clamav,
and spamassassin that classifies the mail, but does not perform the
quarantine function. The tools that I have found to quarantine email
expect that the mail is going to be delivered to your users (which in
this instance is not always the case).

>>I know I am not going to catch 100% of all spam, but I would like to
>>catch most.
>>
>>I also plan on setting up firewall rules on the servers to block all
>>outbound smtp traffic unless it is going to my filtering server.
>
>I would do that on a router in front of the web servers, as compromise
>of a webserver would most likely lead to the attacker disabling the
>firewall to send spam. Separate tasks, web servers should serve web
>pages, routers and firewalls should be separate from the servers
>they're protecting.

I would agree that a router would be more secure, but I am limited to
what hardware I have on hand.

>>Any suggestions? Am I missing something?
>
>Stuffing your servers into a DMZ makes things easier to secure and
>harder to use.
>
>--
>Jon Simola
>Systems Administrator
>ABC Communications
>_______________________________________________
>freebsd-isp@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-isp
>To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
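
Added example, not part of the original thread or of any tool named in it: a sketch of the per-machine throttling decision described in the quoted reply, run over relay log records on the filtering server. The record format, addresses, limits and window length are all constructed assumptions.

```python
from collections import defaultdict, deque

# Hypothetical per-machine limits: messages allowed per window (constructed values).
LIMITS = {"192.0.2.10": 5,   # large paying customer site
          "192.0.2.20": 2}   # low-cost account
DEFAULT_LIMIT = 2            # any machine without an explicit entry
WINDOW = 60                  # sliding window length in seconds

def parse(line):
    """Parse a constructed 'EPOCH src=IP' record into (int, str)."""
    ts, src = line.split()
    return int(ts), src.split("=", 1)[1]

def find_cutoffs(lines, limits=LIMITS, default=DEFAULT_LIMIT, window=WINDOW):
    """Return {source_ip: epoch} for the moment each machine first exceeds its limit."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    cutoffs = {}
    for ts, src in sorted(map(parse, lines)):
        if src in cutoffs:
            continue              # already cut off; nothing more to decide
        q = recent[src]
        q.append(ts)
        while q[0] <= ts - window:
            q.popleft()           # expire messages older than the window
        if len(q) > limits.get(src, default):
            cutoffs[src] = ts
    return cutoffs

# Constructed sample records, not taken from a real server.
SAMPLE = [
    "1000 src=192.0.2.10", "1005 src=192.0.2.10", "1010 src=192.0.2.10",
    "1015 src=192.0.2.10", "1020 src=192.0.2.10",   # 5 in 60 s, limit 5: allowed
    "1001 src=192.0.2.20", "1030 src=192.0.2.20",
    "1050 src=192.0.2.20",                          # 3 in 60 s, limit 2: cut off
    "1000 src=192.0.2.30", "1040 src=192.0.2.30",
    "1070 src=192.0.2.30",                          # spread out: never above 2 per window
]

if __name__ == "__main__":
    for src, ts in find_cutoffs(SAMPLE).items():
        print(f"cut off {src} at {ts}")
```

The returned addresses are the ones to block at the filtering server or firewall until someone has looked at the account.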