Re: Spam Prevention and Cleanup

From: mouss (mlist.onlyfree.fr)
Date: Thu Jul 26 2007 - 14:57:04 CDT


Justin Kim wrote:
> Hello,
>
> I am using virtual domain/user setup with postfix+mysql installation.
> And I am wondering how people are setting up their system so that they get
> ahead of spammers.
> I also used amavis to scan and reinject messages through smtp.
> Basic rate limit control and all the security features that postfix offers
> work just fine except if the user is one of my customers and that customer
> is the spammer, in this case the spammer finds out about the rate control
> and tries to send a small amount of messages (little by little everyday
> kinda method).
>
> What can I do to prevent this from happening? Any measures or suggestions
> please?
>
> 1. I want some sort of alerting system that alerts me when this spam
> activity is going on. (especially a sneaky one like the valid virtual user
> trying to send spams)
>
> 2. After getting alert, I need to find out what email account that person is
> using.
>
> 3. Finally, I need to have that person's original spam message for evidence
> so that I can cancel that person's account.
>
> Thank you in advance,
>
> Justin
>
>

* require authentication if you can. with this, you get more arguments
to cancel the account (otherwise, the guy may claim his machine was
hacked. with a login/passwd, this is harder).

* check for bounces (in your logs). spammers will always have a lot of
invalid addresses. normal users also send mail to (no longer valid|mistyped|badly
guessed) addresses, but this happens a lot less than with spammers.

* you can use header_checks with warn to log the From header for
inspection. (it should be a reachable address).

* keep using your rate limiting checks. after all, spam is only "viable"
if they can send a lot.

* if they have a "public" list available, check that they: verify
addresses and that they obey unsubscribe requests. just try to subscribe
an address, and see...
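One way to turn the "check for bounces in your logs" and "require authentication" advice above into an alert, as an added example that is not part of the original post and not a Postfix tool: it reads Postfix syslog lines, ties each queue ID to the sasl_username that submitted it, and counts sent versus bounced recipients per authenticated account. The log lines below are constructed for the example (hostnames, addresses and queue IDs are made up), and the thresholds in flag_suspicious are assumptions to tune for your own traffic.

```python
"""Flag authenticated Postfix senders whose deliveries bounce abnormally often."""
import re
from collections import defaultdict

# Constructed sample log (not real traffic): one account that mostly hits
# nonexistent recipients in small batches, and one ordinary user with a typo.
SAMPLE_LOG = """\
Jul 26 14:50:01 mx postfix/smtpd[1201]: A1B2C3D4E5: client=pc.example[192.0.2.10], sasl_method=PLAIN, sasl_username=sneaky@example.net
Jul 26 14:50:02 mx postfix/smtp[1301]: A1B2C3D4E5: to=<guess1@example.org>, relay=mail.example.org[198.51.100.5]:25, delay=1.1, delays=0.1/0/0.5/0.5, dsn=5.1.1, status=bounced (host mail.example.org said: 550 5.1.1 User unknown)
Jul 26 14:50:02 mx postfix/smtp[1301]: A1B2C3D4E5: to=<guess2@example.org>, relay=mail.example.org[198.51.100.5]:25, delay=1.1, delays=0.1/0/0.5/0.5, dsn=5.1.1, status=bounced (host mail.example.org said: 550 5.1.1 User unknown)
Jul 26 14:50:02 mx postfix/smtp[1301]: A1B2C3D4E5: to=<real@example.org>, relay=mail.example.org[198.51.100.5]:25, delay=1.1, delays=0.1/0/0.5/0.5, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jul 26 15:10:44 mx postfix/smtpd[1202]: F6E5D4C3B2: client=pc.example[192.0.2.10], sasl_method=PLAIN, sasl_username=sneaky@example.net
Jul 26 15:10:45 mx postfix/smtp[1302]: F6E5D4C3B2: to=<guess3@example.com>, relay=mx.example.com[203.0.113.7]:25, delay=0.9, delays=0.1/0/0.4/0.4, dsn=5.1.1, status=bounced (host mx.example.com said: 550 5.1.1 No such user)
Jul 26 15:10:45 mx postfix/smtp[1302]: F6E5D4C3B2: to=<guess4@example.com>, relay=mx.example.com[203.0.113.7]:25, delay=0.9, delays=0.1/0/0.4/0.4, dsn=5.1.1, status=bounced (host mx.example.com said: 550 5.1.1 No such user)
Jul 26 16:02:10 mx postfix/smtpd[1203]: 0011223344: client=laptop.example[192.0.2.20], sasl_method=LOGIN, sasl_username=alice@example.net
Jul 26 16:02:11 mx postfix/smtp[1303]: 0011223344: to=<bob@example.org>, relay=mail.example.org[198.51.100.5]:25, delay=0.8, delays=0.1/0/0.3/0.4, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jul 26 16:02:11 mx postfix/smtp[1303]: 0011223344: to=<typo@example.org>, relay=mail.example.org[198.51.100.5]:25, delay=0.8, delays=0.1/0/0.3/0.4, dsn=5.1.1, status=bounced (host mail.example.org said: 550 5.1.1 User unknown)
Jul 26 16:02:11 mx postfix/smtp[1303]: 0011223344: to=<carol@example.org>, relay=mail.example.org[198.51.100.5]:25, delay=0.8, delays=0.1/0/0.3/0.4, dsn=2.0.0, status=sent (250 2.0.0 OK)
"""

# smtpd logs the submitting client together with the SASL login name and the queue ID.
AUTH_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-Za-z]+): client=.*sasl_username=(?P<user>\S+)"
)
# Delivery agents log one line per recipient with the final status for that queue ID.
DELIVERY_RE = re.compile(
    r"postfix/(?:smtp|lmtp|local|virtual)\[\d+\]: (?P<qid>[0-9A-Za-z]+): "
    r"to=<(?P<rcpt>[^>]*)>.*status=(?P<status>\w+)"
)


def analyze(log_text):
    """Return per-SASL-user counters: sent, bounced, queue IDs and bounced recipients."""
    owner = {}  # queue ID -> authenticated account that submitted it
    stats = defaultdict(lambda: {"sent": 0, "bounced": 0, "queue_ids": set(), "bad_rcpts": []})
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            owner[m["qid"]] = m["user"]
            stats[m["user"]]["queue_ids"].add(m["qid"])
            continue
        m = DELIVERY_RE.search(line)
        # Only deliveries of authenticated submissions are attributed to an account.
        if m and m["qid"] in owner:
            acct = stats[owner[m["qid"]]]
            if m["status"] == "bounced":
                acct["bounced"] += 1
                acct["bad_rcpts"].append(m["rcpt"])  # evidence for the complaint
            elif m["status"] == "sent":
                acct["sent"] += 1
    return dict(stats)


def flag_suspicious(stats, min_recipients=4, max_bounce_ratio=0.5):
    """Accounts with enough recipients and a bounce share above the (assumed) threshold."""
    flagged = []
    for user, s in stats.items():
        total = s["sent"] + s["bounced"]
        if total >= min_recipients and s["bounced"] / total > max_bounce_ratio:
            flagged.append(user)
    return sorted(flagged)


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for user in flag_suspicious(report):
        s = report[user]
        print(f"ALERT {user}: {s['bounced']} bounced / {s['sent']} sent; "
              f"queue ids {sorted(s['queue_ids'])}; bad rcpts {s['bad_rcpts']}")
```

Run it over a full day's mail log rather than an hour's, since the "little by little every day" pattern only shows up in totals; the queue IDs it records are what you grep for to find the header_checks WARN line (and so the From header) of each message. One caveat for a setup that re-injects through amavis over SMTP: the sasl_username queue ID's delivery line is then the handoff to the content filter, and the real bounce is logged under the re-injected message's new queue ID, so you need to correlate the two (for example by the message-id that both cleanup instances log) before the counts are meaningful.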