Educause Security Discussion mailing list archives
Re: Filtering outgoing email
From: Joe Vieira <jvieira () CLARKU EDU>
Date: Tue, 23 Jun 2009 10:46:52 -0400
We do two things here. Both of which work VERY well, both are free and have been super reliable.

The first of which is the use of http://code.google.com/p/anti-phishing-email-reply/. We loop outgoing mail through another postfix instance to filter based off this project's list of phishing reply addresses. If you mail to a known phisher, your mail gets dropped. Good protection.

The second is a script that runs and looks for a high number of bounced messages, a sure sign that you're spamming. If you exceed the threshold your account gets locked and you can't send more mail, to stop the bleeding.

We have only had one compromised account since we put the anti-phishing reply stuff in place, and it was caught and cleaned automatically less than an hour after it happened; we sent less than 1000 spams, which is pretty dang good.

If anyone is interested in using either of these processes, I'm happy to share code / set up instructions.

Joe Vieira
Manager Systems Administration
Clark University - ITS

Gregg, Christopher S. wrote:
We're using MailMarshal to watch for spikes in e-mail traffic, and we're moving forward with plans to filter outbound e-mail in general using the tool as well. The thinking is that it will add two additional checks against phishing schemes. One, it might catch the initial response to the phishing e-mail (because no amount of education seems to be able to stop all responses) and two, it should help stop or slow the use of the compromised account to send spam.

Our testing has shown that we will catch a small amount of legitimate (human sent, non-spam) traffic each day with such a solution, but it does not appear to be critical business or academic related content.

I think a couple of years ago our community would have been hesitant to filter outgoing mail, but with all of the phishing and being blacklisted by various providers over the last 12-24 months I think people will be OK now.

Chris

Chris Gregg
Director of Information Technology
Information Resources and Technologies
University of St. Thomas
2115 Summit Avenue
St. Paul, Minnesota 55105
csgregg () stthomas edu

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kellogg, Brian D.
Sent: Tuesday, June 23, 2009 7:01 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Filtering outgoing email

We've been the victim of a phishing scam that made it through our incoming spam filter. The phisher used the compromised accounts to send spam via Outlook Web Access. Just wondering what inexpensive/reliable methods others are using to filter outbound email and catch any accounts showing a huge volume of outbound spam.

Thanks...

Thank you,
Brian Kellogg
Network Services Manager
St. Bonaventure University
716-375-4092
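
A sketch of the bounce-threshold check described in Joe Vieira's message, added here as an illustration; it is not his script. It assumes Postfix syslog lines, the envelope sender as the account key, and a hypothetical threshold and time window; the sample log is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in Postfix syslog format (not real traffic).
SAMPLE_LOG = """\
Jun 23 10:00:01 mx postfix/qmgr[901]: A1: from=<alice@example.edu>, size=900, nrcpt=2 (queue active)
Jun 23 10:00:02 mx postfix/smtp[902]: A1: to=<u1@example.org>, relay=r.example.org[192.0.2.10]:25, dsn=2.0.0, status=sent (250 ok)
Jun 23 10:00:03 mx postfix/smtp[902]: A1: to=<u2@example.org>, relay=r.example.org[192.0.2.10]:25, dsn=5.1.1, status=bounced (550 unknown)
Jun 23 10:05:00 mx postfix/qmgr[901]: B1: from=<bob@example.edu>, size=700, nrcpt=4 (queue active)
Jun 23 10:05:01 mx postfix/smtp[903]: B1: to=<x1@example.net>, relay=r.example.net[192.0.2.20]:25, dsn=5.1.1, status=bounced (550 unknown)
Jun 23 10:05:02 mx postfix/smtp[903]: B1: to=<x2@example.net>, relay=r.example.net[192.0.2.20]:25, dsn=5.1.1, status=bounced (550 unknown)
Jun 23 10:05:04 mx postfix/smtp[903]: B1: to=<x3@example.net>, relay=r.example.net[192.0.2.20]:25, dsn=5.1.1, status=bounced (550 unknown)
Jun 23 10:05:09 mx postfix/smtp[903]: B1: to=<x4@example.net>, relay=r.example.net[192.0.2.20]:25, dsn=5.1.1, status=bounced (550 unknown)
""".splitlines()

# qmgr lines map a queue ID to its envelope sender; delivery lines carry the status.
QMGR = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")
DELIVERY = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ postfix/\w+\[\d+\]: (\w+): to=<[^>]*>.*\bstatus=(\w+)")

def accounts_over_threshold(lines, threshold=3, window=timedelta(minutes=10), year=2009):
    """Return {sender: time of the bounce that pushed it over `threshold` within `window`}."""
    sender_of = {}               # queue ID -> envelope sender
    recent = defaultdict(deque)  # sender -> bounce times still inside the window
    flagged = {}
    for line in lines:           # assumes the log is in time order
        m = QMGR.match(line)
        if m:
            sender_of[m.group(1)] = m.group(2).lower()
            continue
        m = DELIVERY.match(line)
        if not m or m.group(3) != "bounced":
            continue
        sender = sender_of.get(m.group(2))
        if not sender:           # unknown queue ID, or null sender <> (a bounce of a bounce)
            continue
        # Syslog timestamps carry no year, so the caller supplies one (assumption).
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[sender]
        q.append(ts)
        while ts - q[0] > window:    # drop bounces that aged out of the window
            q.popleft()
        if len(q) > threshold:
            flagged.setdefault(sender, ts)  # a site-specific account lock would go here
    return flagged

if __name__ == "__main__":
    print(accounts_over_threshold(SAMPLE_LOG))
```

Keying on the envelope sender is the simplest choice; where submission is authenticated, the SASL login name from the smtpd log line is a more reliable account identifier.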