More SPAM?

mikea mikea at MIKEA.ATH.CX
Fri Nov 7 15:13:30 GMT 2003


On Fri, Nov 07, 2003 at 10:06:57AM -0500, Denis Beauchemin wrote:
> Hi,

> We've had those compromised Windows also and it really put a high load
> (and big backlog) on our MS servers.

> I wrote a Perl script that watches my maillog every 5 minutes (root's
> crontab) and if there are more than 80% of incoming mail from one IP
> address it blocks it in ipchains/iptables, stops MS and sendmail,
> removes all undelivered mail containing that IP address from the spool
> directories, restarts MS (and sendmail) and sends an email to our
> security group about it.

> It works fine on our RH 7.3 and 9 systems.

> If anyone is interested, I can post it.

Yes, please. Or perhaps someone is willing to host it on a website?

--
Mike Andrews
mikea at mikea.ath.cx
Tired old sysadmin



More information about the MailScanner mailing list