Re: outbound spam filtering

egoitzramattack.net
Date: Fri Nov 06 2009 - 06:31:33 CST


>
> Let me give you an example. Let's say that at 3 am one mailbox is hacked
> and is used to send mails with no links, no click buttons, just lottery scam
> content and a reply address. You have enforced limits on your server and
> you don't allow sending more than n messages per hour, so that guy
> successfully sends those n emails. One or more destination addresses is a
> spam trap.
> Next day in the morning all you can see is that your IP(s) are listed in
> a bunch of RBLs and queues are full with messages.
> What I understand from you is how to deal with these situations, but what I
> intend to do is to prevent these situations.
>
> Thank you
>

Not really. At 3 am perhaps it's a difficult moment, but during the day, when the
user logs in to retrieve mail and to send too, you could know if he is
logging in from a strange site and then you can block that user. For example:
imagine a user sends and retrieves mail in Spain. There's no easy
explanation (some users can do it... but it's not the normal situation) for
that user wanting, less than 5 minutes later, to send an email from...
Russia, for example... so you could block that user and allow the user to do it
later or... perhaps bypass this kind of check for this user. But you can
surely control where the user is logging in from and so... (this is one of the
algorithms, among others, that I'm now working on). If I detect this activity I block it,
requiring his action. And you could also know how many mails a user can
send normally... if a user can normally send 100 mails... there's almost
no valid reason for that user to send more than those 100 mails in an
hour... so you could block it too, requiring his action to allow it.
You will have sent 100 but no more.

As said, I'm working on this kind of algorithm to determine how to
implement this, but I think it's the solution for an outgoing relay. Later
Postfix can implement sender_login_maps and several other things that can
help you trap spammers too. You could also check the connecting IP
(whoever is trying to send mail through your machine) for how many RBLs it is
listed in... I have a script that does parallel RBL checks at the same time,
and you could determine how trustworthy that user is.... There are several
ways; you could even do an SPF check for outgoing mail... seeing if the From
the user is entering is OK to be sent from your machine. And IMHO
SpamAssassin is also less efficient and slower than this kind of check for
outgoing mail.

It's my opinion, as said, and what I'm gonna try, because I have seen these
things in my working experience. I'm going to improve my ideas and develop
this code and well... then we could see how this works. As I say, these are
my ideas... others can have different ones :).

Bye!!!
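The two checks the reply describes, a user logging in from two distant countries within five minutes and a user exceeding their usual hourly send volume, as an added example that is not part of the original post or the author's own code. The log line format, the IP-to-country table, the per-user baselines and the sample log are constructed assumptions; a real relay would feed these from its SMTP AUTH and queue logs and a GeoIP database.

```python
"""Added example: two outbound-abuse detectors over constructed SMTP relay logs.

Assumptions (not from the list post): log lines look like
    <ISO timestamp> <login|send> user=<name> ip=<addr>
IP_COUNTRY stands in for a GeoIP lookup and HOURLY_BASELINE for a learned
per-user sending profile.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed IP-to-country table (assumption; documentation-range addresses only).
IP_COUNTRY = {
    "203.0.113.10": "ES",
    "198.51.100.7": "RU",
    "192.0.2.55": "ES",
}

# Constructed per-user hourly baselines (assumption: learned from past volume).
HOURLY_BASELINE = {"alice": 100, "bob": 20}
DEFAULT_BASELINE = 50

TRAVEL_WINDOW = timedelta(minutes=5)  # the "less than 5 minutes" from the reply

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>login|send) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)


def parse_line(line):
    """Turn one log line into an event dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "action": m["action"],
        "user": m["user"],
        "ip": m["ip"],
    }


def detect_impossible_travel(events):
    """Alert when a user's consecutive logins come from different countries
    closer together in time than TRAVEL_WINDOW."""
    alerts = []
    last_login = {}  # user -> (timestamp, country) of the previous login
    for ev in events:
        if ev["action"] != "login":
            continue
        country = IP_COUNTRY.get(ev["ip"], "??")
        prev = last_login.get(ev["user"])
        if prev and prev[1] != country and ev["ts"] - prev[0] < TRAVEL_WINDOW:
            alerts.append((ev["user"], "impossible_travel", f"{prev[1]}->{country}"))
        last_login[ev["user"]] = (ev["ts"], country)
    return alerts


def detect_volume_spikes(events):
    """Alert once per user and clock hour when sends exceed the user's baseline."""
    counts = defaultdict(int)
    alerts = []
    for ev in events:
        if ev["action"] != "send":
            continue
        hour = ev["ts"].replace(minute=0, second=0, microsecond=0)
        key = (ev["user"], hour)
        counts[key] += 1
        # Fire exactly once, on the first message over the baseline.
        if counts[key] == HOURLY_BASELINE.get(ev["user"], DEFAULT_BASELINE) + 1:
            alerts.append((ev["user"], "volume_spike", f"hour={hour.isoformat()}"))
    return alerts


def analyse(lines):
    """Parse, order by time and run both detectors; returns the alert list."""
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e["ts"])
    return detect_impossible_travel(events) + detect_volume_spikes(events)


def users_to_block(alerts):
    """Accounts that should be held until the owner confirms, as the reply suggests."""
    return {user for user, _, _ in alerts}


# Constructed sample log: alice logs in from Spain then Russia two minutes later;
# bob sends 25 messages in one hour against a baseline of 20.
SAMPLE_LOG = [
    "2009-11-06T03:00:00 login user=alice ip=203.0.113.10",
    "2009-11-06T03:02:00 login user=alice ip=198.51.100.7",
    "2009-11-06T09:00:00 login user=bob ip=192.0.2.55",
] + [f"2009-11-06T03:00:{i:02d} send user=bob ip=198.51.100.7" for i in range(25)]

if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(alert)
    print("hold for confirmation:", sorted(users_to_block(analyse(SAMPLE_LOG))))
```

Both detectors are deliberately stateless across runs so they can be dropped into a log tail; in production the per-user baseline would be refreshed from history rather than hard-coded, and a flagged account is held for the owner's confirmation rather than silently dropped, matching the "requiring his action" step in the reply.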