We have been using Ironmail for many many years for corporate protection against inbound spam... I am now looking for a non corporate spam detection control system...
Basically, on some sites, we allow BYOD to access the internet across a dedicated link not connect to corp. Only problem is how to control the use of SMTP but not block it. In the past, we had a station infected that start spamming so we block smtp completely. Now, with all those BYOD, we have a lot of pressure to reopen SMTP.
Any help will be appreciated...
Why not filter your outgoing SMTP? There's a few software that are transparent to end users.
Here's a Wikipedia article: http://en.wikipedia.org/wiki/Anti-spam_techniques#Outbound_spam_protection
Yes, this is what I start looking at after my post. MailChannel charge by the nomber of e-mail. I am looking for a cheap, maintenance free solution.
I have start looking at Antamedia, Endian and Traffic Inspector. There is also ASSP, ClamSMTP and Caspian I am looking at.
An SMTP Transparent Proxy that would look at the rate of email and block any sender over 1 mail/min would just do it for us I think.
Haven't heard of MailChannels, but I know from battling this problem at a hosting company (previous $job), it's a tough one. ASSP and other open source options are (or at least were as of seven months ago) not suited for outbound spam filtering, and you'll spend months pulling your hair out and not getting anywhere. Don't kid yourself that a bit of rate limiting will fix the problem... spammers are a whole lot craftier than you could imagine... Just my $0.02 - good luck and please share your findings with us.
Unfortunately you are going to have a tough fight on this one, however, and i say this tentatively, there is a way on the ironmail to do this. The odds are that it will cause unexpected issues, but you can set up the Anomoly Detection to block/alert based on the number of emails from the same sender within a specific timeframe. BE WARNED: If you choose to try it, then start off with a BIG number, I would say 10,000/hr, because you might be surprised at what you start blocking i.e. firstname.lastname@example.org, however most spambots tend to blast out as much as they can so using large numbers is typically the best approach.
This has always been a difficult issue with ironmail simply because on one hand we tell it to accept all mail as a relay from this ip address regardless of content, but on the other hand we want it to block anything with this content using severely crippled anti-spam capability from the same IP..... The ironmail will not do any RBL, spoof rejection, DSC, bayesian, etc.... lookups on ips that are listed as relays on the internal servers list.on 11/6/12 12:44:17 AM CST
Think of this as a free HotSpot service for our customers. We don't control the devices and just want to limit the risk of spamming/virus going wild as it happend once before.. Investment and management time has to be minimal. And since we have 20 site with that kind of setup, it has to be cheap!
We manage the internal network wth multiple layers of AV, filter block, IronMail anti-spam etc and it take time, multiple times a day to manage... Either we will have to outsource (recurrent fee) or find a 50-75% effective, cheap solution...
Ce message a été modifié par: DBO on 06/11/12 09:29:09 CST
@DBO, redirecting clients to a relay (e.g. Postfix) will break many mail clients, for a few reasons: 1) Lots of corporate users have strict SSL certificate checking when they try to connect to their remote SMTP server, and your Postfix box isn't going to return the right certificate information; 2) this just pushes the problem on to the Postfix queue (in terms of having to track sender behavior); and 3) the original IP of the client machine won't be respected, so your Postfix box is going to quickly get blacklisted. How are you going to analyze the queue logs to figure out which customer has a spam bot loaded onto his machine?
Why not grab an actual transparent SMTP proxy, load it up in a colo facility, and then use VPN tunnels to move port-25 traffic from your hot spot networks over to the central transparent proxy? You probably have VPN-capable equipment already at each of your 20 sites, so it's just a matter of redirecting the traffic into some tunnels.
Again, my $0.02, but hopefully I can save you some pain here.
Interesting. I was more looking at BYOD users accessing their ISP SMTP server but who would do that instead of goins with WebMail??? Accessing Corp SMTP server is a much more likely scenario.. Any info/experience on SMTP Transparent Proxy? Brand / software you have used / are using?
@DBO, you'd be shocked how many idiots there are sitting on networks... A friend who works at <large American telco> in their security dept. said that they routinely get complaints from users who are trying to connect to port 25. Why don't they learn about port 587, or just use webmail? Beats me...
I wasn't directly involved in the transparent SMTP proxy set up at my old $work, but I asked a colleague there and he suggested you contact "Eleven". Ask for Guido (pronounced "ghee-dough") and mention "Frank" referred you - he ought to remember as it was a big deal for them. +49 30 52 00 56 0. Good luck!