I'm running an email system using Roundcube, with about 200 people using it.
99% of them do as they are told and only email clients they have already spoken to; however, 1% of them decided to bulk-spam BCC emails, which then tripped an AOL filter and almost got us banned from our host.
I have disabled the guy's account, but I am worried about something similar happening in the future. What would be the best way to stop this?
I read that if AOL receives 3 emails within 60 seconds from the same IP address then it's an instant ban, so I am guessing that with the big companies like Google, their email accounts must have different IP addresses? And if so, is there any way to implement a similar feature?
Also, I have SpamAssassin enabled; in this case, what would be the best configuration for it?
-
Depending on the MTA you are using, you can throttle the users.
From topdog -
Policyd for Postfix makes it possible to throttle users, is quite straightforward to set up, and is easy on server resources.
HOWEVER...
This used to be very effective, but with the latest trends in spamming techniques throttling is now trickier; a common technique seems to be to steal the account information using some malware and log in as that user.
Then the spammers just log in, send out an e-mail with 50 or so recipients, log off, wait for a while, and log in from another IP address, repeating the process with the same or another user account. Often the e-mail itself looks clean; it can be a copy of some press release or something not-so-easy to catch.
How to throttle those? Stopping unauthenticated spam is doable, but stopping an (in theory) trusted user isn't easy. I've been pondering that, too. Setting up recipient restrictions can be harmful for normal users -- someone can easily add 50 recipients when sending out an invitation to a birthday/wedding party or something similar and completely innocent.
So, first you need to figure out whether it's a human or a bot trying to send spam.
One way to do that is to utilize Apache's mod_security and make it look up RBL lists. If the user's IP is on some banned list, don't allow a login straight away, but present a CAPTCHA or something similar first. If the CAPTCHA is solved, then add the user's IP address to a local whitelist and allow the login.
This is easier than it sounds: relax mod_security to only perform RBL lookups and not do much else, and then set it up to first look at your local IP address whitelist file. If the address is not found in there but is present in some global blacklist, then return HTTP code 403 (permission denied). Configure your Apache 403 page to be that CAPTCHA page.

James: It's a human sending the spam, but they are not trying to send spam. They are sending emails to multiple people that they know, just from an address that those people do not know they have.

From Janne Pikkarainen -
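The login gate described in the answer above, written out as an added example (not code from the answer, from mod_security or from Roundcube). In mod_security the same decision is an RBL lookup plus an ErrorDocument 403; here it is spelled out in Python so the mechanics are visible: the local whitelist is consulted first, then each DNSBL zone is queried by reversed-octet name, and only an answer in 127.0.0.0/8 counts as a listing. Everything below is assumed: the whitelist format (one IP or CIDR per line), the zone list, and the resolver, which is injected as a callable so the module runs offline against constructed data.

```python
"""Login gate modelled on the mod_security + RBL + CAPTCHA idea.

Added example, not code from the original answer. Assumptions (hypothetical):
the whitelist is a text file of IPs/CIDRs, DNSBL zones are passed as a list,
and DNS resolution is an injected callable (name -> A record text or None).
"""
import ipaddress
from typing import Callable, Iterable, Optional

Resolver = Callable[[str], Optional[str]]


def dnsbl_name(ip: str, zone: str) -> str:
    """Build the DNSBL query name: reversed octets (IPv4) or reversed nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(addr.exploded.split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone


def load_whitelist(lines: Iterable[str]) -> list:
    """Parse 'ip' or 'ip/prefix' lines; '#' starts a comment, blank lines are ignored."""
    nets = []
    for line in lines:
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def is_whitelisted(ip: str, nets: list) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def is_listed(ip: str, zone: str, resolve: Resolver) -> bool:
    """A hit is an A record in 127.0.0.0/8. Any other answer is NOT a listing:
    resolvers that answer every name must not lock legitimate users out."""
    answer = resolve(dnsbl_name(ip, zone))
    if answer is None:
        return False
    return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")


def gate_login(ip: str, nets: list, zones: Iterable[str], resolve: Resolver) -> int:
    """HTTP status for the login URL: 200 shows the login form, 403 makes
    Apache serve its ErrorDocument 403, i.e. the CAPTCHA page."""
    if is_whitelisted(ip, nets):      # local whitelist is checked before any lookup
        return 200
    for zone in zones:
        if is_listed(ip, zone, resolve):
            return 403
    return 200


def captcha_solved(ip: str, nets: list) -> None:
    """After a solved CAPTCHA, whitelist that single address (append to the file in practice)."""
    nets.append(ipaddress.ip_network(ip))


if __name__ == "__main__":
    # Constructed sample data: an office range plus one host, and a fake
    # resolver that lists exactly one address in an example zone.
    nets = load_whitelist(["10.0.0.0/8   # office", "", "203.0.113.7"])
    fake_dns = {"10.2.0.192.zen.spamhaus.org": "127.0.0.2"}
    zones = ["zen.spamhaus.org"]
    print(gate_login("203.0.113.7", nets, zones, fake_dns.get))  # whitelisted: 200
    print(gate_login("192.0.2.10", nets, zones, fake_dns.get))   # listed: 403
    captcha_solved("192.0.2.10", nets)
    print(gate_login("192.0.2.10", nets, zones, fake_dns.get))   # now whitelisted: 200
```

The whitelist is checked before any DNS query so that a user who already solved the CAPTCHA never waits on a lookup, and the 127.0.0.0/8 check guards against resolvers and zones that answer every query.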
From the Roundcube config:
// Maximum number of recipients per message. Default: 0 (no limit)
$rcmail_config['max_recipients'] = 0;
Set it to a reasonable number. It's not a panacea, but it's always enough to stop your users from mailing dozens of people at a time.

Janne Pikkarainen: What if someone decides to send out a wedding invitation or something similar to all of his/her friends? In that case dozens of recipients can be a completely normal thing.
James: The problem is more when they send to lots of recipients at webmail addresses such as AOL, Hotmail, Yahoo, Gmail, etc. Often they will send emails to lots of people on our own system, which is allowed.
Luke404: You can't solve any spam problem algorithmically. Go run your outgoing email through some spam filters (but a typical SpamAssassin configuration will need lots of tweaks IMHO, since it's geared towards incoming internet mail), but when that's not enough you will end up having to kick some customer's a%% :) - user education is the first and most effective weapon against spam.

From Luke404
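The two threads above pull in opposite directions: per-user throttling (the Policyd suggestion) is what stops a stolen account, while a flat per-message recipient cap breaks the wedding-invitation case and does nothing about mail to local users, which James says should stay unrestricted. One way to reconcile them is a small Postfix policy daemon that counts only external recipients per authenticated user over a sliding window. The following is an added example, not code from the answers or from Policyd. It speaks the Postfix SMTPD policy protocol (name=value lines, a blank line ends the request, the reply is "action=...\n\n"). Assumptions: Roundcube submits to Postfix with per-user SASL authentication so sasl_username identifies the account; the listen port 10040, the domain example.org and the limits are arbitrary.

```python
"""Postfix policy daemon: throttle authenticated senders by the number of
external recipients addressed over a sliding window.

Added example, not code from the answers above or from Policyd.
Assumptions: per-user SASL auth on submission (so sasl_username is set);
port, local domain and limits below are placeholders.
"""
import socketserver
import time
from collections import deque

LISTEN = ("127.0.0.1", 10040)      # assumed; must match check_policy_service in main.cf
LOCAL_DOMAINS = {"example.org"}    # assumed; recipients here are never counted
MAX_EXTERNAL = 100                 # external recipients allowed per user ...
WINDOW = 3600                      # ... within this many seconds


def parse_request(text: str) -> dict:
    """Turn one policy request ("key=value" per line) into a dict."""
    attrs = {}
    for line in text.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            attrs[key] = value
    return attrs


def format_response(action: str) -> str:
    """Postfix expects exactly 'action=<verdict>' followed by an empty line."""
    return f"action={action}\n\n"


class RecipientThrottle:
    def __init__(self, max_external=MAX_EXTERNAL, window=WINDOW,
                 local_domains=LOCAL_DOMAINS, clock=time.monotonic):
        self.max_external = max_external
        self.window = window
        self.local_domains = {d.lower() for d in local_domains}
        self.clock = clock             # injectable for testing
        self.history = {}              # sasl_username -> deque of timestamps

    def decide(self, attrs: dict) -> str:
        # Act once per recipient, and only for authenticated (webmail) users;
        # unauthenticated submissions are left to the usual restrictions.
        if attrs.get("protocol_state") != "RCPT":
            return "DUNNO"
        user = attrs.get("sasl_username", "")
        if not user:
            return "DUNNO"
        domain = attrs.get("recipient", "").rpartition("@")[2].lower()
        if domain in self.local_domains:
            return "DUNNO"             # mail to our own users is always allowed
        now = self.clock()
        stamps = self.history.setdefault(user, deque())
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()           # forget recipients that left the window
        if len(stamps) >= self.max_external:
            # Temporary failure: a human retries later, a bot working a stolen
            # account gets nothing out and the account shows up in the logs.
            return "DEFER_IF_PERMIT 4.7.1 Too many external recipients, try again later"
        stamps.append(now)
        return "DUNNO"


THROTTLE = RecipientThrottle()


class PolicyHandler(socketserver.StreamRequestHandler):
    def handle(self):
        lines = []
        for raw in self.rfile:
            line = raw.decode("utf-8", "replace").rstrip("\r\n")
            if line:
                lines.append(line)
                continue
            # Blank line terminates one request; Postfix may reuse the connection.
            action = THROTTLE.decide(parse_request("\n".join(lines)))
            self.wfile.write(format_response(action).encode())
            self.wfile.flush()
            lines = []


def serve():
    # main.cf (assumed placement, policy check must precede permit_sasl_authenticated):
    #   smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10040,
    #       permit_sasl_authenticated, reject_unauth_destination
    socketserver.TCPServer.allow_reuse_address = True
    with socketserver.TCPServer(LISTEN, PolicyHandler) as srv:
        srv.serve_forever()


if __name__ == "__main__":
    serve()
```

Two caveats that follow from the question itself. Postfix's own anvil limits (smtpd_client_message_rate_limit and friends) key on the client IP, and every Roundcube user arrives from the webmail host's address, so they cannot tell accounts apart; the policy daemon keys on sasl_username instead, which only works if Roundcube authenticates as each user (in the $rcmail_config style used above, smtp_user set to '%u' and smtp_pass to '%p'). And the limit is on recipients, not messages, so one 50-address invitation fits while a script that logs in repeatedly and sends 50 at a time is stopped on the second or third round.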