Blocking outbound spam and viruses with ASL

November 21, 2012

Written by: Michael Shinn

How do you prevent outbound spam and viruses from being sent from your server?  Just enable the FW_OUTPUT_MTA feature in ASL.

This feature will block all outgoing email thats does not pass through your local mail server. You might ask why would you need or want to do this? If a bad guy, or even one of your users, installs software that can send mail directly from your system that software could be used to send spam, viruses and other bad things. These days, if you have software like that on a server you will very likely get your servers IP address(es) added to a blacklist, and getting off these blacklists can be very difficult do – especially if you have repeat problems.

This feature in ASL will only allow mail outgoing from your server if it originates from the mail server on the system. Now how can this help with the problem above? If you have antispam and antivirus software setup to scan email passing through your mail server, spamassassin and clamd for example, they can both detect and most importantly prevent outgoing spam and viruses from leaving your system.

Another added advantage is load control. Most modern mail server software can be configured to throttle itself.  That is to only send so much mail in a period of time, or to slow down if the server is getting overloaded.  Tou can use this to prevent your users, or bad guys if they were to compromise an account/domain, from overloading the server via a script/application thats sending lots of mail.  Theres also another added plus : your local mail server is a robust mail server, so if your users use that instead of some application to handle sending mail outbound, they get the added advantage of higher reliability, versus having to rely on their application to resend email messages that may not have gone through or got temporarily rejected (greylisting for example).

All users have to do is configure their software to use the local mail server, and all your have to do is enable the FW_OUTPUT_MTA feature.

A simple solution to stop spam and viruses from being sent by your server.  To read more about this ASL feature, please follow the URL below:

https://www.atomicorp.com/wiki/index.php/ASL_firewall#FW_OUTPUT_MTA


Protect Your Server Now

©2015 Atomicorp, All Rights Reserved

twitterfacebook