Scan Outgoing Mail

Discussion in 'General' started by rbartz, Aug 11, 2011.

  1. rbartz

    rbartz New Member

    What would be the best way to scan outgoing mail to check if it is spam and block it?

    Centos 5.5 Perfect Server, postfix, spamassassin, clamav, ispConfig 2.

    The incoming mail is well scanned, and using greylisting, spamassassin, clamav and so on has reduced incoming spam quite well. The problem is that a few times one or another of our email clients has sent spam, and a few times weak PHP programming has allowed spammers to compromise our server by writing PHP files to 777 directories and POSTING to them. In those cases, I think sendmail is handling the mail sending.

    What I would like to do is scan the outgoing mail with spamassassin and route emails with high scores to a directory where we can monitor them. I want to stop the emails from being sent.

    What would work best? Any ideas?

    Richard
     
  2. till

    till Super Moderator

    That's possible with ispconfig 3 as ispconfig 3 uses amavisd. In ispconfig 2, spamassassin is invoked by procmail, and procmail scripts only get executed when an email arrives in a mailbox; they cannot be invoked on outgoing emails.
     
  3. rbartz

    rbartz New Member

    Thanks Till... MailScanner might be an option. I think it could be set up to scan ONLY outgoing mail and use the ispconfig spamassassin and clamAV... or perhaps we could turn OFF all the spam and av checking in ispconfig and do both with MailScanner.

    [EDIT] --- MailScanner is not really an option as we want to retain all the anti-spam and anti-virus features of ispconfig as they are on the incoming side. [/EDIT]

    Anyone else got ideas?

    Richard
     
    Last edited: Aug 12, 2011
  4. rbartz

    rbartz New Member

    Using amavisd...?

    Just looking over amavisd thinking maybe it might work as follows without messing up the standard ispConfig2 installation......? It seems it would at least work for the mail sent by forms and programs on the web server.

    Install amavisd as usual to work with ports 10024 and 10025, but configure amavisd to use the installations of spamassassin and optionally clamAV in ispConfig.

    Do not use the ordinary way of routing all mail through amavisd but just use header checks in postfix to redirect mails with ^/ apache@localhost/ in the headers to port 10024.

    Check the redirected mail with amavisd and delete virus mails, quarantine spam with score over 5 (or?), and deliver the good mail back through 10025.

    There would probably be some redundant checks of mail from outside with apache in the header, but that is probably not a big issue?

    Any ideas, experts?
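
The selective routing proposed in the last post, as an added configuration example that is not part of the thread or of ISPConfig: a Postfix `header_checks` rule diverts only matching mail to amavisd on 10024, and a loopback listener on 10025 takes clean mail back. The file paths, the `smtp-amavis` transport name and the exact `From:` pattern are assumptions; pointing amavisd at the existing spamassassin and clamav installs is left out.

```conf
# --- /etc/postfix/main.cf (table file name is an assumption)
header_checks = regexp:/etc/postfix/header_checks_outgoing

# --- /etc/postfix/header_checks_outgoing
# Only messages whose From: header matches are diverted to amavisd;
# everything else keeps the existing ISPConfig 2 delivery path.
# The pattern is an assumption: match it to what the web server really sends.
/^From:.*apache@localhost/   FILTER smtp-amavis:[127.0.0.1]:10024

# --- /etc/postfix/master.cf
# Client transport that hands diverted mail to amavisd on 10024.
smtp-amavis unix  -  -  n  -  2  smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes

# Re-injection listener for mail that amavisd has passed.
# no_header_body_checks keeps the rule above from firing a second time,
# which would otherwise loop the message back to port 10024.
127.0.0.1:10025 inet  n  -  n  -  -  smtpd
    -o content_filter=
    -o receive_override_options=no_header_body_checks
    -o mynetworks=127.0.0.0/8
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o local_recipient_maps=
    -o relay_recipient_maps=

# --- /etc/amavisd.conf (Perl syntax; path is an assumption)
$inet_socket_port    = 10024;                     # listen for diverted mail
$forward_method      = 'smtp:[127.0.0.1]:10025';  # hand clean mail back to Postfix
$notify_method       = 'smtp:[127.0.0.1]:10025';
$sa_kill_level_deflt = 5.0;                # score at which mail is blocked as spam
$final_spam_destiny  = D_DISCARD;          # blocked spam is not delivered
$spam_quarantine_to  = 'spam-quarantine';  # copy kept under $QUARANTINEDIR for review
$final_virus_destiny = D_DISCARD;          # infected mail is not delivered
$virus_quarantine_to = undef;              # and no copy is kept
```

The rule keys on a header that the submitting script controls, so it covers web-form mail sent with the default sender but not a script that sets its own `From:`.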
     
