block spam mail from lan

  • Pol Hallen
    Message 1 of 8 , May 10, 2013
      Hi folks!

      I'm newbie and I study postfix

      What I should be use to (check) and block attempt spam from my lan to
      internet?
    • Wietse Venema
      Message 2 of 8 , May 10, 2013
        Pol Hallen:
        > Hi folks!
        >
        > I'm newbie and I study postfix
        >
        > What I should be use to (check) and block attempt spam from my lan to
        > internet?

        Welcome (that's a funny email address BTW). Here are some suggestions
        for software that is often used with Postfix:

        - Use a content filter, so that your clients cannot send out known
        malware. http://www.ijs.si/software/amavisd/

        - Use per-client rate limits, so that an infected client cannot
        send too much mail. http://www.postfwd.org/

        Wietse
      • Stan Hoeppner
        Message 3 of 8 , May 10, 2013
          On 5/10/2013 1:06 PM, Wietse Venema wrote:
          > Pol Hallen:
          >> Hi folks!
          >>
          >> I'm newbie and I study postfix
          >>
          >> What I should be use to (check) and block attempt spam from my lan to
          >> internet?
          >
          > Welcome (that's a funny email address BTW). Here are some suggestions
          > for software that is often used with Postfix:
          >
          > - Use a content filter, so that your clients cannot send out known
          > malware. http://www.ijs.si/software/amavisd/
          >
          > - Use per-client rate limits, so that an infected client cannot
          > send too much mail. http://www.postfwd.org/

          And the most effective countermeasure to spam originating from devices
          on the LAN has nothing to do with Postfix. As most spamware in the wild
          today still attempts to send direct-to-MX, simply creating a TCP 25
          egress filter at your edge router/firewall will give the best bang for
          the buck. This simply means creating a rule to drop all outbound TCP 25
          connections except those originating from the IP of your Postfix MTA.

          --
          Stan
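The egress filter described in the message above, as an added example that is not part of the original thread: it prints the router rules and then ranks LAN hosts by logged direct-to-MX attempts. The MTA address 192.168.1.10, the WAN interface eth0, the log prefix and the log lines are all constructed assumptions, and the MTA is assumed to sit behind the router (hence the FORWARD chain).

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: MTA at 192.168.1.10 behind the
# router, WAN interface eth0, log prefix "SMTP-EGRESS ".

# Print FORWARD-chain rules: only the MTA may open outbound TCP 25;
# every other attempt is logged (rate-limited) and then dropped.
egress_rules() {
    mta_ip=$1
    wan_if=$2
    cat <<EOF
iptables -A FORWARD -o $wan_if -p tcp --dport 25 -s $mta_ip -j ACCEPT
iptables -A FORWARD -o $wan_if -p tcp --dport 25 -m limit --limit 6/min -j LOG --log-prefix "SMTP-EGRESS "
iptables -A FORWARD -o $wan_if -p tcp --dport 25 -j DROP
EOF
}

# Read kernel log lines on stdin and print "count source-ip" for every LAN
# host whose port-25 attempt was logged by the rule above, busiest first.
# Because the LOG rule is rate-limited, counts are a lower bound.
smtp_offenders() {
    awk '/SMTP-EGRESS / {
        src = ""; hit = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            if ($i == "DPT=25") hit = 1
        }
        if (hit && src != "") n[src]++
    }
    END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Constructed, abbreviated kernel log lines (sample data only).
sample_fwlog() {
    cat <<'EOF'
May 11 14:02:11 gw kernel: SMTP-EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP SPT=40112 DPT=25 SYN
May 11 14:02:12 gw kernel: SMTP-EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.9 PROTO=TCP SPT=40113 DPT=25 SYN
May 11 14:02:40 gw kernel: SMTP-EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.5 PROTO=TCP SPT=51200 DPT=25 SYN
May 11 14:03:01 gw kernel: SMTP-EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.77 PROTO=TCP SPT=40119 DPT=25 SYN
May 11 14:03:05 gw kernel: OTHER-DROP IN=eth1 OUT=eth0 SRC=192.168.1.99 DST=203.0.113.5 PROTO=TCP SPT=40200 DPT=23 SYN
EOF
}

egress_rules 192.168.1.10 eth0
sample_fwlog | smtp_offenders
```

A host that appears in this list is not using the Postfix server at all, which makes it a candidate for a malware check.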
        • Pol Hallen
          Message 4 of 8 , May 11, 2013
            > And the most effective countermeasure to spam originating from devices
            > on the LAN has nothing to do with Postfix. As most spamware in the wild
            > today still attempts to send direct-to-MX, simply creating a TCP 25
            > egress filter at your edge router/firewall will give the best bang for
            > the buck. This simply means creating a rule to drop all outbound TCP 25
            > connections except those originating from the IP of your Postfix MTA.

            I don't understand.

            Situation: A real user using browser connect to squirrelmail and send a
            mail. It's ok.

            But if this user create a mail bomb using squirrelmail how way to spam I
            can have this problem.

            If a drop port 25, user can send any mail.

            Or tell me what I don't understand.

            Thanks!
          • lists@rhsoft.net
            Message 5 of 8 , May 11, 2013
              Am 11.05.2013 14:34, schrieb Pol Hallen:
              > I don't understand.
              >
              > Situation: A real user using browser connect to squirrelmail and send a
              > mail. It's ok.
              >
              > But if this user create a mail bomb using squirrelmail how way to spam I
              > can have this problem

              well, nothing can really prevent you from bad users with valid logins
              you can only mitigate the amount of spam until you recognize what
              happens and you shut down the user account

              the problem with webmail and such limitations is that you have
              always the same client-ip and if the values are too low it
              affects users which are not responsible for spam

              so the solution is get rid of untrustable users and/or force
              them at least to use a mail-client from their own IP/machine

              anvil_rate_time_unit = 1800s
              smtpd_client_connection_rate_limit = 50
              smtpd_client_recipient_rate_limit = 400
              smtpd_recipient_limit = 100
            • Benny Pedersen
              Message 6 of 8 , May 11, 2013
                Pol Hallen skrev den 2013-05-10 19:45:
                > Hi folks!
                >
                > I'm newbie and I study postfix
                >
                > What I should be use to (check) and block attempt spam from my lan to
                > internet?

                remove permit_mynetworks ?, so all need to use smtp auth via sasl, if
                you still see spam going out, you know what auth to close

                --
                senders that put my email into body content will deliver it to my own
                trashcan, so if you like to get reply, dont do it
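One way to find "what auth to close" once every client has to authenticate, as an added example that is not part of the original thread: it joins Postfix smtpd and qmgr log lines on the queue ID and totals recipients per SASL login. The host names, logins and log lines are constructed, and traditional syslog timestamps are assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes traditional syslog lines, where
# field 5 is the Postfix service and field 6 is the queue ID.

# Print "recipients messages login", busiest first. smtpd logs who submitted
# a queue ID; qmgr logs how many recipients (nrcpt) that queue ID has.
sasl_senders() {
    awk '
    $5 ~ /^postfix\/smtpd/ && $7 ~ /^client=/ {
        user[$6] = "(no-auth)"          # accepted without SMTP AUTH
        for (i = 8; i <= NF; i++)
            if ($i ~ /^sasl_username=/) {
                u = substr($i, 15); sub(/,$/, "", u); user[$6] = u
            }
    }
    $5 ~ /^postfix\/qmgr/ && ($6 in user) && !($6 in seen) {
        # qmgr repeats this line on every retry; count each queue ID once
        for (i = 7; i <= NF; i++)
            if ($i ~ /^nrcpt=/) {
                rcpt[user[$6]] += substr($i, 7) + 0
                msgs[user[$6]]++
                seen[$6] = 1
            }
    }
    END { for (u in rcpt) print rcpt[u], msgs[u], u }' | sort -k1,1nr -k3,3
}

# Constructed mail log lines (sample data only).
sample_maillog() {
    cat <<'EOF'
May 11 14:10:01 mail postfix/smtpd[2101]: 3F2A1C0042: client=pc23.lan[192.168.1.23], sasl_method=PLAIN, sasl_username=alice
May 11 14:10:01 mail postfix/qmgr[1050]: 3F2A1C0042: from=<alice@example.com>, size=1532, nrcpt=2 (queue active)
May 11 14:11:07 mail postfix/smtpd[2104]: 4B7D2C0043: client=pc57.lan[192.168.1.57], sasl_method=PLAIN, sasl_username=bob
May 11 14:11:07 mail postfix/qmgr[1050]: 4B7D2C0043: from=<bob@example.com>, size=2210, nrcpt=100 (queue active)
May 11 14:12:30 mail postfix/smtpd[2104]: 5C8E3C0044: client=pc57.lan[192.168.1.57], sasl_method=PLAIN, sasl_username=bob
May 11 14:12:30 mail postfix/qmgr[1050]: 5C8E3C0044: from=<bob@example.com>, size=2198, nrcpt=100 (queue active)
May 11 14:13:02 mail postfix/smtpd[2107]: 6D9F4C0045: client=pc12.lan[192.168.1.12]
May 11 14:13:02 mail postfix/qmgr[1050]: 6D9F4C0045: from=<carol@example.com>, size=900, nrcpt=1 (queue active)
May 11 14:41:07 mail postfix/qmgr[1050]: 4B7D2C0043: from=<bob@example.com>, size=2210, nrcpt=100 (queue active)
EOF
}

sample_maillog | sasl_senders
```

Any mail still listed under `(no-auth)` was accepted without a login, for example through permit_mynetworks.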
              • Benny Pedersen
                Message 7 of 8 , May 11, 2013
                  Stan Hoeppner skrev den 2013-05-10 21:25:
                  > This simply means creating a rule to drop all outbound TCP 25
                  > connections except those originating from the IP of your Postfix MTA.

                  or make DNAT iptables rule so all outgoing port 25 will go to lan
                  postfix server on port 25 not remote deliver to mx :)

                  --
                  senders that put my email into body content will deliver it to my own
                  trashcan, so if you like to get reply, dont do it
                • Stan Hoeppner
                  Message 8 of 8 , May 11, 2013
                    On 5/11/2013 7:34 AM, Pol Hallen wrote:
                    >> And the most effective countermeasure to spam originating from devices
                    >> on the LAN has nothing to do with Postfix. As most spamware in the wild
                    >> today still attempts to send direct-to-MX, simply creating a TCP 25
                    >> egress filter at your edge router/firewall will give the best bang for
                    >> the buck. This simply means creating a rule to drop all outbound TCP 25
                    >> connections except those originating from the IP of your Postfix MTA.
                    >
                    > I don't understand.
                    >
                    > Situation: A real user using browser connect to squirrelmail and send a
                    > mail. It's ok.
                    >
                    > But if this user create a mail bomb using squirrelmail how way to spam I
                    > can have this problem.
                    >
                    > If a drop port 25, user can send any mail.
                    >
                    > Or tell me what I don't understand.

                    It would probably be best at this point for you to describe your
                    network, your mail usage scenario, so we can give you targeted
                    responses. I.e. is this a

                    1. typical office environment mail server
                    2. SOHO or personal server
                    3. university mail server
                    4. ISP mail server

                    --
                    Stan