Educause Security Discussion mailing list archives

Re: Filtering outgoing email


From: Joe Vieira <jvieira () CLARKU EDU>
Date: Tue, 23 Jun 2009 10:46:52 -0400

We do two things here.

Both of which work VERY well, both are free and have been super reliable.

The first of which is the use of
http://code.google.com/p/anti-phishing-email-reply/. We
loop outgoing mail thru another postfix instance to filter based off
this project's list of phishing reply addresses. If you mail to a known
phisher, your mail gets dropped. Good protection.

The second is a script that runs and looks for a high number of bounced
messages, a sure sign that you're spamming. If you exceed the threshold
your account gets locked and you can't send more mail, to stop the
bleeding. We have only had one compromised account since we put the
anti-phishing reply stuff in place, and it was caught and cleaned
automatically less than an hour after it happened; we sent less than
1000 spams, which is pretty dang good.

If anyone is interested in using either of these processes, I'm happy to
share code / set up instructions.

Joe Vieira
Manager Systems Administration
Clark University - ITS

Gregg, Christopher S. wrote:
We're using MailMarshal to watch for spikes in e-mail traffic, and we're moving forward with plans to filter outbound 
e-mail in general using the tool as well.  The thinking is that it will add two additional checks against phishing schemes.  One, 
it might catch the initial response to the phishing e-mail (because no amount of education seems to be able to stop all 
responses) and two, it should help stop or slow the use of the compromised account to send spam.  Our testing has shown that we 
will catch a small amount of legitimate (human sent, non-spam) traffic each day with such a solution, but it does not appear to 
be critical business or academic related content.

I think a couple of years ago our community would have been hesitant to filter outgoing mail, but with all of the 
phishing and being blacklisted by various providers over the last 12-24 months I think people will be OK now.

Chris

Chris Gregg
Director of Information Technology
Information Resources and Technologies
University of St. Thomas
2115 Summit Avenue
St. Paul, Minnesota 55105
csgregg () stthomas edu


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kellogg, 
Brian D.
Sent: Tuesday, June 23, 2009 7:01 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Filtering outgoing email

We've been the victim of a phishing scam that made it through our incoming spam filter.  The phisher used the 
compromised accounts to send spam via Outlook Web Access.  Just wondering what inexpensive/reliable methods others are using 
to filter outbound email and catch any accounts showing a huge volume of outbound spam.  Thanks...



Thank you,

Brian Kellogg
Network Services Manager
St. Bonaventure University
716-375-4092
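
One way to implement the bounce-threshold check described in Joe Vieira's message, as an added example that is not his script or any code from this thread: it assumes Postfix syslog lines, joins each status=bounced delivery to its envelope sender through the queue ID, and returns the senders over a threshold. The log sample, function names and threshold value are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in Postfix syslog format (hosts, users, queue IDs invented).
SAMPLE_LOG = """\
Jun 23 10:00:01 mx postfix/qmgr[901]: A1B2C3: from=<alice@example.edu>, size=2210, nrcpt=1 (queue active)
Jun 23 10:00:02 mx postfix/smtp[950]: A1B2C3: to=<bob@example.org>, relay=mx.example.org[192.0.2.10]:25, dsn=2.0.0, status=sent (250 ok)
Jun 23 10:00:02 mx postfix/qmgr[901]: A1B2C3: removed
Jun 23 10:01:00 mx postfix/qmgr[901]: D4E5F6: from=<mallory@example.edu>, size=900, nrcpt=3 (queue active)
Jun 23 10:01:01 mx postfix/smtp[951]: D4E5F6: to=<u1@example.net>, relay=mx.example.net[192.0.2.20]:25, dsn=5.1.1, status=bounced (user unknown)
Jun 23 10:01:01 mx postfix/smtp[952]: D4E5F6: to=<u2@example.net>, relay=mx.example.net[192.0.2.20]:25, dsn=5.1.1, status=bounced (user unknown)
Jun 23 10:01:02 mx postfix/smtp[953]: D4E5F6: to=<u3@example.com>, relay=mx.example.com[192.0.2.30]:25, dsn=5.7.1, status=bounced (rejected as spam)
Jun 23 10:01:02 mx postfix/qmgr[901]: D4E5F6: removed
Jun 23 10:01:03 mx postfix/qmgr[901]: A1B2C3: from=<>, size=3100, nrcpt=1 (queue active)
Jun 23 10:01:04 mx postfix/smtp[954]: A1B2C3: to=<gone@example.net>, relay=mx.example.net[192.0.2.20]:25, dsn=5.1.1, status=bounced (user unknown)
Jun 23 10:02:00 mx postfix/qmgr[901]: 0A1B2C: from=<alice@example.edu>, size=1500, nrcpt=1 (queue active)
Jun 23 10:02:01 mx postfix/smtp[955]: 0A1B2C: to=<typo@example.org>, relay=mx.example.org[192.0.2.10]:25, dsn=5.1.1, status=bounced (user unknown)
"""

QMGR_FROM = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")
QMGR_DONE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): removed")
BOUNCED = re.compile(r"postfix/\w+\[\d+\]: (\w+): to=<[^>]*>.*\bstatus=bounced\b")

def count_bounces(lines):
    """Return a Counter mapping envelope sender -> number of bounced recipients."""
    sender_of = {}   # queue ID -> envelope sender, while the message is queued
    bounces = Counter()
    for line in lines:
        if m := QMGR_FROM.search(line):
            sender_of[m.group(1)] = m.group(2).lower()
        elif m := QMGR_DONE.search(line):
            sender_of.pop(m.group(1), None)   # queue IDs can be reused after removal
        elif m := BOUNCED.search(line):
            sender = sender_of.get(m.group(1))
            if sender:                        # skip the null sender <> (bounce notices)
                bounces[sender] += 1
    return bounces

def accounts_to_lock(lines, threshold):
    """Senders whose bounce count exceeds the threshold, worst first."""
    return [s for s, n in count_bounces(lines).most_common() if n > threshold]

if __name__ == "__main__":
    for account in accounts_to_lock(SAMPLE_LOG.splitlines(), threshold=2):
        print("lock:", account)
```

Keying on the envelope sender is an assumption; where users authenticate to submit mail, the sasl_username field on the smtpd line for the same queue ID identifies the account more reliably. The lock action itself is site-specific and is left out.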


