Educause Security Discussion mailing list archives

Re: Filtering outgoing email

From: Jesse Thompson <jesse.thompson () DOIT WISC EDU>
Date: Wed, 24 Jun 2009 10:29:07 -0500

Kellogg, Brian D. wrote:

We've been the victim of a phishing scam that made it through our
incoming spam filter.  The phisher used the compromised accounts to send
spam via Outlook Web Access.  Just wondering what inexpensive/reliable
methods others are using to filter outbound email and catch any accounts
showing a huge volume of outbound spam.  Thanks...


I wrote up these instructions on how to rate limit outbound spam using
Sun Messaging Server.

http://wikis.sun.com/display/CommSuite/Protecting+Against+Spammers+who+Compromise+Messaging+Server+User+Accounts#ProtectingAgainstSpammerswhoCompromiseMessagingServerUserAccounts-RateLimitingOnlyOutgoingSpam

The idea is that you assume that there will be false positives, so you
can't reject all outbound spam; and you assume that you will have users
sending out legitimate mass mailings, so you can't rate limit all
outbound mail.  The solution: rate limit only the outbound spam.

Jesse

--
  Jesse Thompson
  Division of Information Technology, University of Wisconsin-Madison
  Email/IM: jesse.thompson () doit wisc edu

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Current thread:

Re: Filtering outgoing email, (continued)
- Re: Filtering outgoing email Joe Vieira (Jun 23)
- Re: Filtering outgoing email HALL, NATHANIEL D. (Jun 23)
- Re: Filtering outgoing email Gary Flynn (Jun 23)
- Re: Filtering outgoing email Roger Safian (Jun 23)
- Re: Filtering outgoing email Charles Seitz (Jun 23)
- Re: Filtering outgoing email Joe Vieira (Jun 23)
- Re: Filtering outgoing email Jeremy Mooney (Jun 23)
- Re: Filtering outgoing email Roger Safian (Jun 23)
- Re: Filtering outgoing email Roger Safian (Jun 23)
- Re: Filtering outgoing email Irish, Adrian L (Jun 23)
- Re: Filtering outgoing email Jesse Thompson (Jun 24)
- Re: Filtering outgoing email Todd Clementz (Jun 24)