Koozali.org: home of the SME Server

Check local emails for spam

dehacked
« on: March 15, 2010, 07:55:42 PM »
I have found a lot of posts about local user authentication to restrict local spam but none yet about restricting SPAM on compromised trusted machines.

In my scenario, I got a call from my ISP saying we're spamming and that our domain is now blocked until we clear everything up. Nice way to start a Monday... From the logs I was able to identify and remove the compromised machines from the network. Now to remove 160k spams by keyword....

What I want to try and prevent in future is having our domain blocked when a machine is compromised. I see 2 options.

1. Limit the rate of outgoing mails per account to a reasonable amount, say 40, per hour. Regular log checks will let me know without getting my domain suspended. Anyone know how to do this?
2. Configure SPAMASSASSIN to scan local mails as well. Anyone know how to do this?
3. Option 3?

Any advice will be welcome. Please keep in mind that I'm new to Linux and understand only the most basic functions.