[clamav-users] clamav-milter LocalNet option / outgoing mail (Debian Wheezy)

Simon Hobson linux at thehobsons.co.uk
Sun Feb 22 04:08:49 EST 2015


Daniel Spies <ds20150222clam at pskx.net> wrote:

> In my opinion, it doesn't make any sense to scan e-mail leaving the server. The recipient will never trust these tags anyway. So why scan at all? It's important to scan incoming mail, be it from a local or an external client.

I disagree.
Recipients may not trust the tags, but it *should* stop outbound spam/infected mail should your machine (or one of the clients) get compromised. IMO spam and malware is not just something to stop coming in, it's something to porevent going out - if more networks prevented it going out then there'd be less of a problem.

On my systems I scan *everything*, and I firewall off everything I can - including preventing outbound connections to port 25.

At work I run mail servers that are used by customers - including as smart relays. It's not all that uncommon to find one of the customer compromised and sending out thousands (or millions) of spam emails - so my latest server also does rate limiting to limit the damage done before it gets spotted and blocked.




More information about the clamav-users mailing list