[clamav-users] clamav-milter LocalNet option / outgoing mail (Debian Wheezy)
ds20150222clam at pskx.net
Sun Feb 22 15:09:57 EST 2015
On 02/22/2015 10:08 AM, Simon Hobson wrote:
> Recipients may not trust the tags, but it *should* stop outbound spam/infected mail should your machine (or one of the clients) get compromised. IMO spam and malware is not just something to stop coming in, it's something to prevent going out - if more networks prevented it going out then there'd be less of a problem.
It's not always black and white. I assume you're responsible for the
clients you're talking about, i.e. they are your customers or
colleagues. While spoon-feeding colleagues or customers may be okay for
the sake of security, my clients would certainly raise hell if they
would receive errors due to false positives. Most people expect their
system to just work -- no matter what.
By the way: I don't even reject virus/spam mail, I just tag them. If a
client is dumb enough to open the attachment of a tagged e-mail, so be it.
> On my systems I scan *everything*, and I firewall off everything I can - including preventing outbound connections to port 25.
I am not in the situation where all my clients sit in a firewalled
private network; it's more the free-mail kind of situation. What and
when my clients send e-mail is none of my concern, as long as they do it
in common dimensions, i.e. in a way that matches a real person.
> At work I run mail servers that are used by customers - including as smart relays. It's not all that uncommon to find one of the customers compromised and sending out thousands (or millions) of spam emails - so my latest server also does rate limiting to limit the damage done before it gets spotted and blocked.
Rate limiting is certainly a good idea to mitigate the damage that's
being done by a compromised client. Manual intervention might still be
necessary, possibly after automated sanctions (e.g. consistently
lowering the rate limit for a misbehaving client). However, rejecting
outgoing e-mail right away is not an option, which ultimately makes the
scanning of these messages redundant.
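
The rate limiting with automated sanctions discussed in the message above, as an added example that is not part of the original post: a per-client sliding-window limiter that halves a client's limit each time it exceeds it and flags the client for manual review after repeated strikes. The class name, the thresholds and the "accept"/"defer" return values are assumptions made for illustration, not settings of any particular mail server.

```python
from collections import defaultdict, deque


class OutboundRateLimiter:
    """Per-client sliding-window limiter that tightens after each violation."""

    def __init__(self, base_limit=100, window=3600, min_limit=5, review_after=3):
        self.base_limit = base_limit      # messages allowed per window (assumed value)
        self.window = window              # window length in seconds
        self.min_limit = min_limit        # floor, so a client is never cut off entirely
        self.review_after = review_after  # strikes before a human should look
        self.sent = defaultdict(deque)    # client -> timestamps of accepted messages
        self.limit = {}                   # client -> current (possibly lowered) limit
        self.strikes = defaultdict(int)   # client -> number of sanctions applied
        self.in_violation = set()         # clients currently over their limit

    def check(self, client, now):
        """Return 'accept' or 'defer' for one message from client at time now."""
        q = self.sent[client]
        while q and q[0] <= now - self.window:   # forget messages outside the window
            q.popleft()
        limit = self.limit.get(client, self.base_limit)
        if len(q) < limit:
            q.append(now)
            self.in_violation.discard(client)
            return "accept"
        if client not in self.in_violation:      # sanction once per burst, not per message
            self.in_violation.add(client)
            self.strikes[client] += 1
            self.limit[client] = max(self.min_limit, limit // 2)
        return "defer"                           # temporary failure, not a rejection

    def needs_review(self, client):
        """True once automated sanctions have piled up enough for manual intervention."""
        return self.strikes[client] >= self.review_after


if __name__ == "__main__":
    # Constructed scenario: a client bursts twice, more than a window apart.
    lim = OutboundRateLimiter(base_limit=4, window=60, min_limit=1, review_after=2)
    for t in (0, 1, 2, 3, 4, 5, 100, 101, 102):
        print(t, lim.check("client-a", t), lim.limit.get("client-a", lim.base_limit))
    print("manual review needed:", lim.needs_review("client-a"))
```
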