Educause Security Discussion mailing list archives
Re: Filtering outgoing email
From: Jesse Thompson <jesse.thompson () DOIT WISC EDU>
Date: Wed, 24 Jun 2009 10:29:07 -0500
Kellogg, Brian D. wrote:
We've been the victim of a phishing scam that made it through our incoming spam filter. The phisher used the compromised accounts to send spam via Outlook Web Access. Just wondering what inexpensive/reliable methods others are using to filter outbound email and catch any accounts showing a huge volume of outbound spam. Thanks...
I wrote up these instructions on how to rate limit outbound spam using Sun Messaging Server. http://wikis.sun.com/display/CommSuite/Protecting+Against+Spammers+who+Compromise+Messaging+Server+User+Accounts#ProtectingAgainstSpammerswhoCompromiseMessagingServerUserAccounts-RateLimitingOnlyOutgoingSpam The idea is that you assume that there will be false positives, so you can't reject all outbound spam; and you assume that you will have users sending out legitimate mass mailings, so you can't rate limit all outbound mail. The solution: rate limit only the outbound spam. Jesse -- Jesse Thompson Division of Information Technology, University of Wisconsin-Madison Email/IM: jesse.thompson () doit wisc edu
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Re: Filtering outgoing email, (continued)
- Re: Filtering outgoing email Joe Vieira (Jun 23)
- Re: Filtering outgoing email HALL, NATHANIEL D. (Jun 23)
- Re: Filtering outgoing email Gary Flynn (Jun 23)
- Re: Filtering outgoing email Roger Safian (Jun 23)
- Re: Filtering outgoing email Charles Seitz (Jun 23)
- Re: Filtering outgoing email Joe Vieira (Jun 23)
- Re: Filtering outgoing email Jeremy Mooney (Jun 23)
- Re: Filtering outgoing email Roger Safian (Jun 23)
- Re: Filtering outgoing email Roger Safian (Jun 23)
- Re: Filtering outgoing email Irish, Adrian L (Jun 23)
- Re: Filtering outgoing email Jesse Thompson (Jun 24)
- Re: Filtering outgoing email Todd Clementz (Jun 24)