[clamav-users] clamav-milter LocalNet option / outgoing mail (Debian Wheezy)

Simon Hobson linux at thehobsons.co.uk
Sun Feb 22 16:43:41 EST 2015


OK, this is getting well off-topic for this list, this will be my final say on the matter - and from some of the other comments I see I'm not alone in considering you part of the problem.


Daniel Spies <ds20150222clam at pskx.net> wrote:

>> Recipients may not trust the tags, but it *should* stop outbound spam/infected mail should your machine (or one of the clients) get compromised. IMO spam and malware is not just something to stop coming in, it's something to porevent going out - if more networks prevented it going out then there'd be less of a problem.
> 
> It's not always black and white. I assume you're responsible for the clients you're talking about, i.e. they are your customers or colleagues.

It varies, but in the general case they may be "managed" customers (where we look after the network, servers, and clients) through to "customers only in that they use our mail servers". Regardless, all mail they send through my servers is scanned - and I do block anything that reaches a sufficient spamminess score or fails the AV checks.

> While spoon-feeding colleagues or customers may be okay for the sake of security, my clients would certainly raise hell if they would receive errors due to false positives. Most people expect their system to just work -- no matter what.

Which is one reason it's very important to make sure you are not part of the problem. Allowing a customer to sent "nasties" through your mail server is a good way of getting it blacklisted - and then it certainly doesn't "just work". I can assure you that when your server gets on a blacklist, your customers do complain - and they complain a lot louder than if you block one or two spammy messages.
The best way to stay off blacklists is to block spam and nasties at source - not just rely on the recipient to catch it later ...

> By the way: I don't even reject virus/spam mail, I just tag them. If a client is dumb enough to open the attachment of a tagged e-mail, so be it.

So you are part of the problem. It's already been said that tagging is meaningless - yet you assume it's reasonable to expect others to act on your tags.

>> On my systems I scan *everything*, and I firewall off everything I can - including preventing outbound connections to port 25.
> 
> I am not in the situation where all my clients sit in a firewalled private network; it's more the free-mail kind of situation. What and when my clients send e-mail is non of my concern, as long as they do it in common dimensions, i.e. in a way that matches a real person.

Most of the customers are also not on managed networks. But on my own systems I block outbound connections to port 25 other than what's needed (actually, I mostly have a "block everything and allow what's needed" policy). It's all part of a layered approach - you protect your systems, but you also add a layer that limits the damage if they do get compromised.

> However, rejecting outgoing e-mail right away is not an option, which ultimately makes the scanning of these messages redundant.

Which makes you part of the problem.




More information about the clamav-users mailing list