mass email detection rule

Julian Field mailscanner at ecs.soton.ac.uk
Sun Sep 5 11:46:41 IST 2004


<x-flowed>
See the IP Blocking code in CustomConfig.pm. This more or less already does
what you want.
There are a load of comments in
/usr/lib/MailScanner/MailScanner/CustomConfig.pm. Look for
         IPBlock
and you'll find it all. It works with the sendmail access db at the moment.

At 07:22 05/09/2004, you wrote:
>Hi
>
>At times our mail server gets bombarded with 1000+ spam emails from the same
>recipient (well a fake hotmail address). Surely there must be a rule that
>goes like this
>
>  if someone tried to spam mailboxes on the server more than 30 per minute
>then they will get blocked for 24 hours
>
>or even better
>
>  if anyone tried to send more than 30 emails per minute for 5 consecutive
>minutes they will get blocked for 7 days
>
>I suppose the times could be adjusted
>
>
>
>or something like that?
>
>Kind Regards
>
>Stuart Clark
>Director
>Spacelink Communications Pty Ltd
>Ph. 98570800 Fx. 98597577
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

</x-flowed>
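
The second rule proposed in the quoted question (more than 30 messages per minute for 5 consecutive minutes, then a 7-day block), as an added example that is not part of the original thread and is not MailScanner's IPBlock code. The function names, the sample events (constructed, using documentation IP ranges) and the plain `address<TAB>REJECT` sendmail access-map output are assumptions made for illustration.

```python
from collections import defaultdict

LIMIT_PER_MINUTE = 30       # "more than 30 emails per minute"
CONSECUTIVE_MINUTES = 5     # "for 5 consecutive minutes"
BLOCK_SECONDS = 7 * 86400   # "blocked for 7 days"
BASE = 60 * 18_000_000      # constructed start time, aligned to a minute


def find_blocks(events, limit=LIMIT_PER_MINUTE,
                minutes=CONSECUTIVE_MINUTES, block_seconds=BLOCK_SECONDS):
    """events: iterable of (epoch_seconds, client_ip), one per message.
    Returns {ip: (block_start, block_end)} for each IP that sent more than
    `limit` messages in each of `minutes` consecutive clock minutes."""
    per_minute = defaultdict(lambda: defaultdict(int))
    for ts, ip in events:
        per_minute[ip][ts // 60] += 1

    blocks = {}
    for ip, buckets in per_minute.items():
        run, prev = 0, None
        for minute in sorted(buckets):
            over = buckets[minute] > limit
            # The streak continues only across adjacent minutes; a silent
            # minute (no bucket at all) or a quiet one resets it.
            run = run + 1 if over and run and minute == prev + 1 else int(over)
            prev = minute
            if run >= minutes:
                start = (minute + 1) * 60   # block once that minute has ended
                blocks[ip] = (start, start + block_seconds)
                break
    return blocks


def access_db_lines(blocks):
    """Assumed output format: generic sendmail access-map entries. The map
    has no expiry field, so entries must be removed after block_end."""
    return [f"{ip}\tREJECT" for ip in sorted(blocks)]


def sample_events():
    """Constructed traffic: one sustained flood, one interrupted, one at the limit."""
    events = []
    for m in range(5):              # 40/min for 5 minutes in a row -> blocked
        events += [(BASE + 60 * m + s, "192.0.2.10") for s in range(40)]
    for m in (0, 1, 2, 3, 5):       # silent 5th minute breaks the streak
        events += [(BASE + 60 * m + s, "198.51.100.7") for s in range(40)]
    for m in range(6):              # exactly 30/min is not "more than 30"
        events += [(BASE + 60 * m + s, "203.0.113.5") for s in range(30)]
    return events
```

Counting in fixed clock minutes keeps state small, but a burst that straddles a minute boundary is split across two buckets, so the thresholds may need tuning against real traffic.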


