[ngw] Ways to prevent internal users from spamming via SMTP?
gert at gwcheck.com
Tue Sep 11 18:33:27 UTC 2012
GWAVA or other vscan that scans the GWIA or it domain.
On Tue, Sep 11, 2012 at 7:16 PM, David Gerisch <DEGerisch at co.tulare.ca.us>wrote:
> Can you set your outbound traffic to go through your anti-spam gateway,
> looking for spam in either direction? You could then put your current
> script on a six hour cron job, and not have to figure out which log file is
> the current one. Just search them all.
> >>> "Ben Knorr" <bknorr at westminstercollege.edu> 09-11-2012 08:23 >>>
> Theoretically, if every two weeks a user's account is hijacked via
> infected personal computer with IMAP/SMTP client, and it starts sending
> thousands of messages per hour- what might be the best ways to detect this
> and to stop it automatically?
> In theory, we've got a script that parses GWIA logs, looking for unique
> messages that are sent on a daily basis. Even for high-usage users, it
> might be less than 20 per day. The violators, it seems, might be sending
> messages in the thousands to tens of thousands per day. This script we have
> is fine, in that when we run it, it tells us which account is the problem.
> The only problem with this, is that it requires a bit more scripting to get
> it to go automatically and to page/text an admin to alert them to disable
> the user. From what I've read in the GroupWise docs, the anti-spam and
> mailbomb protection stuff is all geared towards malicious users from
> outside of the organization. In our case, my question pertains to malicious
> users (at least honest accounts which are used maliciously by third
> parties) from within the organization. It would be best to throttle users
> mail throughput after they hit a certain threshold, without requiring
> manual intervention.
> Any thoughts, tips, suggestions?
> ngw mailing list
> ngw at ngwlist.com
More information about the ngw