[Mimedefang] OT: control internal spam
Kenneth Porter
shiva at sewingwitch.com
Tue May 3 19:00:34 EDT 2005
--On Tuesday, May 03, 2005 5:05 PM -0500 -ray <ray at ops.selu.edu> wrote:
> Any ideas on how to combat this? Obviously we have to allow SMTP for
> internal legit clients on our network. Is SMTP AUTH the answer? Or pop
> before SMTP? (currently not using these). Some kind of rate limiting per
> IP? Just looking for any ideas...
The AUTH will identify the sender but not prevent the occurrence (except by
deterrence). Rate limiting is probably your best bet. You can combine the
two to limit by authenticated ID. You can then whitelist those authorized
to send bulk. I'd suggest a token bucket limiter. Maybe count all messages
to a given recipient once, to allow for rapid correspondence with the same
person.
Are you running SpamAssassin on your outbound traffic? Even if you don't
use it for filtering, you could use it to weight the limiter.
More information about the MIMEDefang
mailing list