
Right way to evaluate an Outbound Spam prevention product

  • Abhijeet Rastogi
    Message 1 of 3 , Jul 1, 2013
      Hi all,

      - Currently, for outbound spam protection, I use a combination of header checks, rbls, a commercial product that works as a milter.
      - Now, I need to evaluate another product which doesn't work as a milter & I've to authenticate via SSL to their SMTP server and relay all mails via them.

      The deal is to accurately determine which spam solution performs better. For that I'll need to duplicate traffic and send it to both, my local and this new spam solution. This is going to be tricky because I need the mail to be received only once at the recipient side (so can't use always_bcc) but I want it to be scanned via two different spam solutions.

      Can anyone guide me as to how do I proceed? What are the possible ways to achieve this? Thanks

      --
      Regards,
      Abhijeet Rastogi (shadyabhi)
      http://blog.abhijeetr.com
    • Jeroen Geilman
      Message 2 of 3 , Jul 1, 2013
        On 07/01/2013 07:24 PM, Abhijeet Rastogi wrote:
        > Hi all,
        >
        > - Currently, for outbound spam protection, I use a combination of header
        > checks, rbls, a commercial product that works as a milter.
        > - Now, I need to evaluate another product which doesn't work as a
        > milter & I've to authenticate via SSL to their SMTP server and relay
        > all mails via them.
        >
        > The deal is to accurately determine which spam solution performs
        > better. For that I'll need to duplicate traffic and send it to both,
        > my local and this new spam solution. This is going to be tricky
        > because I need the mail to be received only once at the recipient side
        > (so can't use always_bcc) but I want it to be scanned via two
        > different spam solutions.
        >
        > Can anyone guide me as to how do I proceed? What are the possible ways
        > to achieve this? Thanks

        If all this new solution will be doing is content scanning (as opposed
        to sender/recipient white/blacklisting, IP reputation, DNSBLs etc),
        simply always_bcc it to a blanket test@yourdomain, transport(5) it to
        the new filter, and then back to your own MTA, and devnull it there, or
        store it to see what was filtered.

        A slightly more advanced implementation of the above would be a
        relay_domains with a regex'ed or localpart-only relay_recipient_maps to
        transcribe all recipients from user@originaldomain to
        user@..., and do the same as above.

        Otherwise, not delivering duplicates will be a nigh-on impossible task,
        unless you are prepared to temporarily switch the solutions (with the
        new one becoming the active one) and discard your own copies.
        Note that this won't be any better than simply switching to the new
        solution.

        Also note that having your email scanned in its entirety by a third
        party is not the most secure of implementations. To say the least.


        --
        J.
      • Wietse Venema
        Message 3 of 3 , Jul 1, 2013
          Abhijeet Rastogi:
          > Hi all,
          >
          > - Currently, for outbound spam protection, I use a combination of header
          > checks, rbls, a commercial product that works as a milter.
          > - Now, I need to evaluate another product which doesn't work as a milter &
          > I've to authenticate via SSL to their SMTP server and relay all mails via
          > them.
          >
          > The deal is to accurately determine which spam solution performs better.
          > For that I'll need to duplicate traffic and send it to both, my local and
          > this new spam solution. This is going to be tricky because I need the mail
          > to be received only once at the recipient side (so can't use always_bcc)
          > but I want it to be scanned via two different spam solutions.
          >
          > Can anyone guide me as to how do I proceed? What are the possible ways to
          > achieve this? Thanks

          Use two special-purpose BCC addresses. Deliver one BCC address
          through the existing filter, and deliver the other BCC address
          through the new filter (perhaps using transport_maps). Then, you
          can see if there are differences in the mail that these addresses
          receive.

          I don't think that always_bcc and *_bcc_maps support adding multiple
          BCC addresses, but you can use always_bcc to add the first BCC
          address, and then use virtual_alias_maps to add the second BCC
          address.

          /etc/postfix/main.cf:
              always_bcc = user1@example
              virtual_alias_maps = hash:/etc/postfix/virtual

          /etc/postfix/virtual:
              user1@example    user1@example, user2@example

          Wietse
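
Added example, not part of the thread: one way to do the comparison step suggested above, once the two BCC mailboxes (user1@example through the existing filter, user2@example through the new one) have collected mail. It assumes both filters preserve Message-ID and that a filter which tags instead of dropping adds an X-Spam-Flag header; the sample messages and all function names are constructed for illustration.

```python
import email

def make(mid, flag=None):
    """Build a constructed test message; flag sets the assumed X-Spam-Flag header."""
    headers = ["From: sender@example", f"Message-ID: <{mid}@example>", "Subject: test"]
    if flag:
        headers.append(f"X-Spam-Flag: {flag}")
    return "\n".join(headers) + "\n\nbody\n"

# Constructed sample data: what each BCC mailbox ended up holding.
EXISTING_BOX = [make("m1"), make("m2", "YES"), make("m3")]   # user1@example
NEW_BOX = [make("m1"), make("m2"), make("m4")]               # user2@example

def index_by_message_id(raw_messages):
    """Map Message-ID -> parsed message; mail without a Message-ID is skipped."""
    index = {}
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        mid = msg.get("Message-ID")
        if mid:
            index[mid.strip()] = msg
    return index

def compare_filters(existing_raw, new_raw, tag_header="X-Spam-Flag"):
    """Report where the two filters disagreed on the same outbound mail."""
    old, new = index_by_message_id(existing_raw), index_by_message_id(new_raw)
    both = old.keys() & new.keys()
    return {
        # Arrived via the existing filter only: the new filter held it back.
        "only_existing": sorted(old.keys() - new.keys()),
        # Arrived via the new filter only: the existing filter held it back.
        "only_new": sorted(new.keys() - old.keys()),
        # Delivered by both, but tagged differently.
        "tag_mismatch": sorted(m for m in both
                               if old[m].get(tag_header) != new[m].get(tag_header)),
        "agreed": sorted(m for m in both
                         if old[m].get(tag_header) == new[m].get(tag_header)),
    }

if __name__ == "__main__":
    for verdict, ids in compare_filters(EXISTING_BOX, NEW_BOX).items():
        print(f"{verdict}: {ids}")
```

The messages listed under only_existing, only_new and tag_mismatch are the ones to review by hand when judging which filter made the better call.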