
Re: block spam mail from lan

  • Wietse Venema
    Message 1 of 8 , May 10, 2013
      Pol Hallen:
      > Hi folks!
      >
      > I'm newbie and I study postfix
      >
      > What I should be use to (check) and block attempt spam from my lan to
      > internet?

      Welcome (that's a funny email address BTW). Here are some suggestions
      for software that is often used with Postfix:

      - Use a content filter, so that your clients cannot send out known
      malware. http://www.ijs.si/software/amavisd/

      - Use per-client rate limits, so that an infected client cannot
      send too much mail. http://www.postfwd.org/

      Wietse
    • Stan Hoeppner
      Message 2 of 8 , May 10, 2013
        On 5/10/2013 1:06 PM, Wietse Venema wrote:
        > Pol Hallen:
        >> Hi folks!
        >>
        >> I'm newbie and I study postfix
        >>
        >> What I should be use to (check) and block attempt spam from my lan to
        >> internet?
        >
        > Welcome (that's a funny email address BTW). Here are some suggestions
        > for software that is often used with Postfix:
        >
        > - Use a content filter, so that your clients cannot send out known
        > malware. http://www.ijs.si/software/amavisd/
        >
        > - Use per-client rate limits, so that an infected client cannot
        > send too much mail. http://www.postfwd.org/

        And the most effective countermeasure to spam originating from devices
        on the LAN has nothing to do with Postfix. As most spamware in the wild
        today still attempts to send direct-to-MX, simply creating a TCP 25
        egress filter at your edge router/firewall will give the best bang for
        the buck. This simply means creating a rule to drop all outbound TCP 25
        connections except those originating from the IP of your Postfix MTA.

        --
        Stan
      • Pol Hallen
        Message 3 of 8 , May 11, 2013
          > And the most effective countermeasure to spam originating from devices
          > on the LAN has nothing to do with Postfix. As most spamware in the wild
          > today still attempts to send direct-to-MX, simply creating a TCP 25
          > egress filter at your edge router/firewall will give the best bang for
          > the buck. This simply means creating a rule to drop all outbound TCP 25
          > connections except those originating from the IP of your Postfix MTA.

          I don't understand.

          Situation: A real user using browser connect to squirrelmail and send a
          mail. It's ok.

          But if this user create a mail bomb using squirrelmail how way to spam I
          can have this problem.

          If a drop port 25, user can send any mail.

          Or tell me what I don't understand.

          Thanks!
        • lists@rhsoft.net
          Message 4 of 8 , May 11, 2013
            On 11.05.2013 14:34, Pol Hallen wrote:
            > I don't understand.
            >
            > Situation: A real user using browser connect to squirrelmail and send a
            > mail. It's ok.
            >
            > But if this user create a mail bomb using squirrelmail how way to spam I
            > can have this problem

            well, nothing can really prevent you from bad users with valid logins
            you can only mitigate the amount of spam until you recognize what
            happens and you shut down the user account

            the problem with webmail and such limitations is that you have
            always the same client-ip and if the values are too low it
            affects users which are not responsible for spam

            so the solution is get rid of untrustable users and/or force
            them at least to use a mail-client from their own IP/machine

            anvil_rate_time_unit = 1800s
            smtpd_client_connection_rate_limit = 50
            smtpd_client_recipient_rate_limit = 400
            smtpd_recipient_limit = 100
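Added example (not part of any post in this thread): until an abusive account is noticed, the mail log is where the volume shows up. This sketch sums recipients per client IP and lists clients above the 400-recipient figure quoted above; it assumes traditional syslog-format Postfix lines, the sample log is constructed, and webmail submissions will all appear under the webmail host's address, as the post notes.

```shell
#!/bin/sh
# Added example, not from the thread. Sums recipients per client IP from
# Postfix syslog lines and prints clients above a limit (default 400, the
# smtpd_client_recipient_rate_limit value quoted above). Feed it the log
# lines of one anvil_rate_time_unit window; windowing is left to the caller.
# Assumes "Mon DD HH:MM:SS host postfix/daemon[pid]: QUEUEID: ..." lines.

rcpts_over_limit() {   # usage: rcpts_over_limit [limit] < maillog
    awk -v limit="${1:-400}" '
    # smtpd logs "QUEUEID: client=name[ip]" when it accepts a message.
    $5 ~ /^postfix\/smtpd\[/ && $7 ~ /^client=/ {
        ip = $7; sub(/^.*\[/, "", ip); sub(/\].*$/, "", ip)
        client[$6] = ip
    }
    # qmgr logs "QUEUEID: from=<...>, size=..., nrcpt=N (queue active)".
    $5 ~ /^postfix\/qmgr\[/ && ($6 in client) && match($0, /nrcpt=[0-9]+/) {
        total[client[$6]] += substr($0, RSTART + 6, RLENGTH - 6)
        delete client[$6]   # retries log "queue active" again: count once
    }
    END { for (ip in total) if (total[ip] > limit) print ip, total[ip] }
    ' | sort
}

# Constructed sample: 192.0.2.17 submits 5 x 100 recipients, 192.0.2.20
# submits one message with 2 recipients that is retried later.
sample_log() {
    for q in A1 A2 A3 A4 A5; do
        echo "May 11 14:00:01 mail postfix/smtpd[2101]: $q: client=pc17[192.0.2.17]"
        echo "May 11 14:00:01 mail postfix/qmgr[900]: $q: from=<u@example.com>, size=900, nrcpt=100 (queue active)"
    done
    echo "May 11 14:05:00 mail postfix/smtpd[2102]: B1: client=pc20[192.0.2.20]"
    echo "May 11 14:05:00 mail postfix/qmgr[900]: B1: from=<v@example.com>, size=700, nrcpt=2 (queue active)"
    echo "May 11 14:20:00 mail postfix/qmgr[900]: B1: from=<v@example.com>, size=700, nrcpt=2 (queue active)"
}

sample_log | rcpts_over_limit 400
```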
          • Benny Pedersen
            Message 5 of 8 , May 11, 2013
              Pol Hallen wrote on 2013-05-10 19:45:
              > Hi folks!
              >
              > I'm newbie and I study postfix
              >
              > What I should be use to (check) and block attempt spam from my lan to
              > internet?

              remove permit_mynetworks ?, so all need to use smtp auth via sasl, if
              you still see spam going out, you know what auth to close

              --
              senders that put my email into body content will deliver it to my own
              trashcan, so if you like to get reply, don't do it
            • Benny Pedersen
              Message 6 of 8 , May 11, 2013
                Stan Hoeppner wrote on 2013-05-10 21:25:
                > This simply means creating a rule to drop all outbound TCP 25
                > connections except those originating from the IP of your Postfix MTA.

                or make DNAT iptables rule so all outgoing port 25 will go to lan
                postfix server on port 25 not remote deliver to mx :)

                --
                senders that put my email into body content will deliver it to my own
                trashcan, so if you like to get reply, don't do it
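Added example (not part of any post in this thread): the TCP 25 egress filter from message 2 and the DNAT variant from message 6, written as shell functions that print iptables commands for review. The MTA address 192.0.2.25, the LAN network 192.0.2.0/24 and the interface name eth1 are assumed placeholder values.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables commands for a Linux
# edge router so they can be reviewed before being piped to sh as root.
# MTA_IP, LAN_NET and LAN_IF are placeholder values (assumptions).
MTA_IP="${MTA_IP:-192.0.2.25}"     # LAN address of the Postfix server
LAN_NET="${LAN_NET:-192.0.2.0/24}" # LAN client network
LAN_IF="${LAN_IF:-eth1}"           # router interface facing the LAN

# Message 2: drop forwarded outbound TCP 25 unless it comes from the MTA.
# The rate-limited LOG rule records which LAN hosts tried direct-to-MX.
egress_drop_rules() {
    cat <<EOF
iptables -N SMTP_EGRESS
iptables -A SMTP_EGRESS -s $MTA_IP -j RETURN
iptables -A SMTP_EGRESS -m limit --limit 6/min -j LOG --log-prefix "smtp-egress-drop: "
iptables -A SMTP_EGRESS -j DROP
iptables -I FORWARD -i $LAN_IF -p tcp --dport 25 -j SMTP_EGRESS
EOF
}

# Message 6: redirect instead of drop. If the MTA sits on the same subnet
# as the clients, its replies would bypass the router, so the second rule
# masquerades the redirected connections; Postfix then sees the router's
# address for them, so per-client limits can no longer tell clients apart.
redirect_rules() {
    cat <<EOF
iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 25 ! -s $MTA_IP ! -d $MTA_IP -j DNAT --to-destination $MTA_IP:25
iptables -t nat -A POSTROUTING -o $LAN_IF -s $LAN_NET -d $MTA_IP -p tcp --dport 25 -j MASQUERADE
EOF
}

# Default prints the drop variant; pass "redirect" for the DNAT variant.
if [ "${1:-}" = "redirect" ]; then redirect_rules; else egress_drop_rules; fi
```

Hosts that appear in the kernel log with the smtp-egress-drop prefix are the ones to inspect for infection.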
              • Stan Hoeppner
                Message 7 of 8 , May 11, 2013
                  On 5/11/2013 7:34 AM, Pol Hallen wrote:
                  >> And the most effective countermeasure to spam originating from devices
                  >> on the LAN has nothing to do with Postfix. As most spamware in the wild
                  >> today still attempts to send direct-to-MX, simply creating a TCP 25
                  >> egress filter at your edge router/firewall will give the best bang for
                  >> the buck. This simply means creating a rule to drop all outbound TCP 25
                  >> connections except those originating from the IP of your Postfix MTA.
                  >
                  > I don't understand.
                  >
                  > Situation: A real user using browser connect to squirrelmail and send a
                  > mail. It's ok.
                  >
                  > But if this user create a mail bomb using squirrelmail how way to spam I
                  > can have this problem.
                  >
                  > If a drop port 25, user can send any mail.
                  >
                  > Or tell me what I don't understand.

                  It would probably be best at this point for you to describe your
                  network, your mail usage scenario, so we can give you targeted
                  responses. I.e. is this a

                  1. typical office environment mail server
                  2. SOHO or personal server
                  3. university mail server
                  4. ISP mail server

                  --
                  Stan