Re: Outbound mail filtering



Jon Simola wrote:

On 2/9/06, Gregory T Pelle <gregp@xxxxxxxxxxxx> wrote:



What is the recommended setup for outbound spam filtering?



On your router, forward all port 25 connections to your filtering
server except those from your filtering server, as well as other
standard firewalling for a webserver. I'd also use some sort of
throttling to cut off any machines that exceed an amount that you set
per machine (big paying customer website vs $2/month cheap user).

I'd recommend qmail on the filtering machine (my preference, I've not
used anything else). I've used qmail-scanner before for spamassassin
and virus scanning, simscan is supposed to be just as good and maybe a
bit faster. Also check out the spamcontrol patch.



After your setup has determined that the mail is spam, what do you use
to quarantine it? In my testbed, I have a setup using sendmail, clamav,
and spamassassin that classifies the mail, but does not perform the
quarantine function. The tools that I have found to quarantine email
expect that the mail is going to be delivered to your users (which in
this instance is not always the case).

I know I am not going to catch 100% of all spam, but I would like to
catch most.

I also plan on setting up firewall rules on the servers to block all
outbound smtp traffic unless it is going to my filtering server.



I would do that on a router in front of the web servers, as compromise
of a webserver would most likely lead to the attacker disabling the
firewall to send spam. Separate tasks, web servers should serve web
pages, routers and firewalls should be separate from the servers
they're protecting.



I would agree that a router would be more secure, but I am limited to
what hardware I have on hand.

Any suggestions? Am I missing something?



Stuffing your servers into a DMZ makes things easier to secure and
harder to use.

--
Jon Simola
Systems Administrator
ABC Communications
_______________________________________________
freebsd-isp@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@xxxxxxxxxxx"
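
The per-machine throttling suggested in the thread, sketched as an added example (not code from either poster): it counts the SMTP connections the filtering server accepted from each source address over a sliding window and reports which machines exceeded their own limit. The addresses, limits, window length and event format are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW = 3600                      # seconds (assumed sliding window)
DEFAULT_LIMIT = 20                 # assumed cap for a cheap hosting account
LIMITS = {"10.0.0.10": 500}        # assumed higher cap for a large customer site

def find_throttled(events, limits=LIMITS, default=DEFAULT_LIMIT, window=WINDOW):
    """Return {source_ip: timestamp at which it first exceeded its limit}.

    events: (epoch_seconds, source_ip) pairs, one per SMTP connection the
    filtering server accepted, sorted by time.
    """
    recent = defaultdict(deque)    # per-host timestamps still inside the window
    cut_off = {}
    for ts, ip in events:
        if ip in cut_off:          # already cut off; nothing more to count
            continue
        q = recent[ip]
        q.append(ts)
        while q[0] <= ts - window: # drop connections older than the window
            q.popleft()
        if len(q) > limits.get(ip, default):
            cut_off[ip] = ts
    return cut_off

def sample_events():
    """Constructed traffic: three web servers relaying through the filter."""
    burst = [(1000 + 10 * i, "10.0.0.66") for i in range(30)]    # 30 in 5 min
    busy = [(1000 + 12 * i, "10.0.0.10") for i in range(300)]    # 300 in 1 h
    slow = [(1000 + 200 * i, "10.0.0.7") for i in range(25)]     # 18 per hour
    return sorted(burst + busy + slow)

if __name__ == "__main__":
    for ip, ts in find_throttled(sample_events()).items():
        print(f"cut off {ip} at t={ts}")
```

The returned addresses are the ones to block or rate-limit at the router or filtering server; the high-volume customer stays under its own cap while the bursting cheap account is flagged on its 21st connection.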

