Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: mouss (mlist.onlyfree.fr)
Date: Thu Jul 26 2007 - 14:57:04 CDT
Justin Kim wrote:
> I am using virtual domain/user setup with postfix+mysql installation.
> And I am wondering how people are setting up their system so that they get
> ahead of spammers.
> I also used amavis to scan and reinject messages through smtp.
> Basic rate limit control and all the security feature that postfix offers
> works just fine except if the user is one of my customer and that customer
> is the spammer, in tihs case the spammer finds out about the rate control
> and tries to send a small amount of messages (little by little everyday
> kinda method).
> What can I do to prevent this from happening? Any measures or suggestions
> 1. I want some sort of alerting system that alerts me when this spam
> activity is going on. (especially a sneaky one like the valid virtual user
> trying to send spams)
> 2. After getting alert, I need to find out what email account that person is
> 3. Finally, I need to have that person's original spam message for evidence
> so that I can cancel that person's account.
> Thank you in advance,
* require authentication if you can. with this, you get more arguments
to cancel the account (otherwise, the guy may claim his machine was
hacked. with a login/passwd, this is harder).
* check for bounces (in your logs). spammers will always have a lot of
invalid addresses. normal users send mail to (no more valid|mistyped|bad
guessed) addresses, but this happens a lot less than with spammers.
* you can use header_checks with warn to log the From header for
inspection. (it should be a reachable address).
* keep using your rate limiting checks. after all, spam is only "viable"
if they can send a lot.
* if they have a "public" list available, check that they: verify
addresses and that they obey unsubscribe requests. just try to subscribe
an address, and see...