Fwd: RE: Dealing with MailScanner overloads

Ulysees Ulysees at ULYSEES.COM
Sun Sep 14 14:19:16 IST 2003


> The only question I have is regarding the relay address as being the right
> one to block.   For example, I run a primary mail server with my ISP
acting
> as secondary MX.   All my Sobig.F emails went to their mail server,
because
> Sobig.F went for the highest MX value, and then got relayed on to me.
>
> This code would then result in me blocking my own fallback MX server, and
I
> think this is not an uncommon situation?

I think this code could be usefull, however you would need to be able to
give it few hints, eg
1000 mails in an hour from othersite.mycorp.com is fine
100 mails in an hour from spam.spam.spam.spamity.spam.com is not normal
behavior & should be blocked.
really just a black/whitelist which sets a limit on mails per hour from a
host

It would also be very important that when the block is put in place that it
could trigger a notification to postmaster to advise them of what just
happened.


Uly



More information about the MailScanner mailing list