More SPAM?

[Remco Barendse]

Interesting script, might be a useful addition to the mail system.

Just wonder what would happen on Sunday night, when noone is sending out
e-mails but Daily Dilbert starts sending their mail (or any other mailing
list). With extremely low mail volumes and a mailing to several people
coming in, wouldn't this set off a false alarm?

We really have no (almost none) mail coming in over the weekend, only
mass mailings.

On Fri, 7 Nov 2003, mikea wrote:

> On Fri, Nov 07, 2003 at 10:06:57AM -0500, Denis Beauchemin wrote:
> > Hi,
>
> > We've had those compromised Windows also and it really put a high load
> > (and big backlog) on our MS servers.
>
> > I wrote a Perl script that watches my maillog every 5 minutes (root's
> > crontab) and if there are more than 80% of incoming mail from one IP
> > address it blocks it in ipchains/iptables, stops MS and sendmail,
> > removes all undelivered mail containing that IP address from the spool
> > directories, restarts MS (and sendmail) and sends an email to our
> > security group about it.
>
> > It works fine on our RH 7.3 and 9 systems.
>
> > If anyone is interested, I can post it.
>
> Yes, please. Or perhaps someone is willing to host it on a website?
>
> --
> Mike Andrews
> mikea at mikea.ath.cx
> Tired old sysadmin
>