SpamAssassin filtering on outgoing emails

Not sure if this has been covered before, I did a search but didn’t turn up anything :frowning: I’m looking for a way of getting SpamAssassin to scan for (and reject) outgoing spam from a server.

We’ve had a couple of instances where email accounts have been compromised (both through speak phishing attacks) and on both occasions we had to deal with the mitigations team at Microsoft to get the server IP removed from their blacklist.

I think (please correct me if I’m wrong!) that having SpamAssassin scan outgoing emails would have prevented obviously spam emails from getting sent by the server in the first place?

Am I right? Can anyone point me in the right direction?

Cheers,
Chris

Sympl really isn’t set up for filtering outgoing mail like that, and you may need to make some changes to the Exim config to get it to pass all mail through SpamAssassin, although you’re likely going to end up with problems with false positives.

Apart from enforcing unique strong passwords, you could also set a rate limit on the mailboxes or domain which should slow things down in the event that a mailbox is compromised.

I thought that would be the case, rate-limiting seems to be the best option - along with monitoring the volume of emails in the mail queue for unusual spikes and acting on alerts quickly :smiley:

Cheers,
Chris