Dam spam from web server nee dlimit

[Rob Morin]

Hello all...

I have a couple hosted websites that have exploitable forms, that can be 
used to spam. i contact the person(s) as soon as i find out it is being 
exploited and remove the offending form/script, whatever...

but by this time the damage is done. I have all email from my webserver 
that goes out to go to my MX server running MS with postfix. now it 
catches some of the spam as usual, but some not. Now some of the emails 
come with over 25 recipients in the To  field. my question is how am i 
suppose to limit this...??

I added this to  the main.cf of postfix  smtpd_recipient_limit=20  but 
when i check the logs i still see email with 25 going through, i did 
reload postfix.... i made these changes after these emails where in the 
queue , does this setting only affect new emails? And what happens to 
the email that does go over 20, does it get rejected or just delete ??

from the log:

Jun 28 10:41:52 peter postfix/qmgr[25749]: A1F0069017A: 
from=<www-data at dns1.domain.com>, size=37915, nrcpt=25 (queue active)
Jun 28 10:41:52 peter postfix/qmgr[25749]: A69D9690180: 
from=<www-data at dns1.domain.com>, size=35344, nrcpt=25 (queue active)
Jun 28 10:41:52 peter postfix/qmgr[25749]: A5BCF69028B: 
from=<www-data at dns1.domain.com>, size=38742, nrcpt=25 (queue active)

Sorry if this is not the right place to ask this question.... but i am 
dying here....

Thanks..

-- 

Rob Morin
Dido InterNet Inc.
Montreal, Canada
Http://www.dido.ca
514-990-4444