Using MPP to Find Outbound Email Abusers

August 16th, 2007 by mkatz

MPP is an excellent tool for finding outbound spammers as well as abusers of your email servers. If you are an ISP, you know how much of a pain in the neck it is when your servers get blacklisted by big email providers like Gmail or AOL.

Oftentimes you are blocked because your users are sending too much email to these services. The email you are sending could be legitimate or it could be spam, but since you can't control how your customers forward email to these services, putting in a spam scanner is not going to help the problem.

This is where MPP's thresholds, rate detection and limiting technologies come in handy. With MPP you can define thresholds to watch for. Thresholds have 3 detection components: number of messages, number of spam messages and time period. For this application, the number of spam messages is not relevant, since spam is not the problem in this scenario; the problem is legitimate email. So you can define policies like this:

60 emails in 30 seconds with 0 spams
or
10 spams out of 10 messages in 30 seconds

Once a threshold is crossed, MPP can take one of several actions: block, warn, quarantine or defer. Defer only works with Postfix, but it works with both our policy server and content-filter, so we can defer email within the Postfix queue or we can defer external hosts. If defer doesn't solve your problems, you can also quarantine traffic, block it or simply warn an administrator.

Like all features, thresholds can be defined on a per-domain or per-direction basis. In other words, you can restrict the checking to outbound-only traffic for select domains. You can also exempt IPs from threshold checking if need be.
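The following sketch shows how a threshold built from the three components above (message count, spam count, time period) can be evaluated per sending IP, with exempt IPs skipped. It is an added example, not MPP code or MPP configuration syntax. The class names, the sliding-window reading of each policy (spam count treated as a minimum), the action attached to each policy and the sample traffic are all assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Threshold:
    messages: int  # at least this many messages inside the window
    spams: int     # of which at least this many were flagged as spam
    period: int    # window length in seconds
    action: str    # block, warn, quarantine or defer

class ThresholdMonitor:
    def __init__(self, thresholds, exempt_ips=()):
        self.thresholds = list(thresholds)
        self.exempt = set(exempt_ips)
        self.max_period = max(t.period for t in self.thresholds)
        self.history = defaultdict(deque)  # sender IP -> (timestamp, is_spam)

    def observe(self, ts, ip, is_spam):
        """Record one outbound message; return the action of the first threshold crossed."""
        if ip in self.exempt:
            return None
        window = self.history[ip]
        window.append((ts, is_spam))
        while window and window[0][0] <= ts - self.max_period:
            window.popleft()  # drop entries older than the longest period
        for t in self.thresholds:
            recent = [spam for when, spam in window if when > ts - t.period]
            if len(recent) >= t.messages and sum(recent) >= t.spams:
                return t.action
        return None

def first_hits(events, monitor):
    """Return {ip: (timestamp, action)} for the first threshold each sender crosses."""
    hits = {}
    for ts, ip, is_spam in events:
        action = monitor.observe(ts, ip, is_spam)
        if action and ip not in hits:
            hits[ip] = (ts, action)
    return hits

# The two policies from the text; the actions chosen here are assumptions.
POLICIES = [Threshold(60, 0, 30, "defer"), Threshold(10, 10, 30, "quarantine")]

def sample_events():
    """Constructed traffic: (timestamp in seconds, sender IP, flagged as spam)."""
    events = [(i // 3, "192.0.2.10", False) for i in range(90)]   # clean bulk forwarder
    events += [(i * 2, "192.0.2.20", True) for i in range(12)]    # slow, all spam
    events += [(i // 3, "192.0.2.30", False) for i in range(90)]  # bulk, but exempt
    events += [(i * 5, "192.0.2.40", False) for i in range(20)]   # ordinary user
    return sorted(events)
```
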

Thresholds are part of the MPP Enhanced core and the new Postfix Toolbox.

Posted in News and Tidbits, Opinions on Email Security