Dam spam from web server nee dlimit
glenn.steen at gmail.com
Wed Jun 28 16:16:28 IST 2006
On 28/06/06, Rob Morin <rob at thehostmasters.com> wrote:
> Hello all...
> I have a couple hosted websites that have exploitable forms, that can be
> used to spam. i contact the person(s) as soon as i find out it is being
> exploited and remove the offending form/script, whatever...
> but by this time the damage is done. I have all email from my webserver
> that goes out to go to my MX server running MS with postfix. now it
> catches some of the spam as usual, but some not. Now some of the emails
> come with over 25 recipients in the To field. my question is how am i
> suppose to limit this...??
> I added this to the main.cf of postfix smtpd_recipient_limit=20 but
> when i check the logs i still see email with 25 going through, i did
> reload postfix.... i made these changes after these emails where in the
> queue , does this setting only affect new emails? And what happens to
> the email that does go over 20, does it get rejected or just delete ??
smtpd only handle the SMTP conversation phase, so anything already in
the queue(s) will be unaffected by the change.
Overshooting the limit will generate a 452 error. The companion
overshoot limit stipulates how many recipients the sender "need"
overshoot by before incrementing the error count (and eventually
taking the appropriate error action).
This telnet session will show what happens when the limit is set to 1.
[root at apmx05 ~]# telnet apmx04 25
Connected to apmx04.ap1.se (172.18.3.86).
Escape character is '^]'.
220 mail.ap1.se ESMTP Postfix (2.2.5) (Mandrake Linux)
rcpt to:<glenn.steen at example.com>
rcpt to:<nnn at example.com>
452 Error: too many recipients
> from the log:
> Jun 28 10:41:52 peter postfix/qmgr: A1F0069017A:
> from=<www-data at dns1.domain.com>, size=37915, nrcpt=25 (queue active)
> Jun 28 10:41:52 peter postfix/qmgr: A69D9690180:
> from=<www-data at dns1.domain.com>, size=35344, nrcpt=25 (queue active)
> Jun 28 10:41:52 peter postfix/qmgr: A5BCF69028B:
> from=<www-data at dns1.domain.com>, size=38742, nrcpt=25 (queue active)
Note that it is qmgr logging this, not smtpd.
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
More information about the MailScanner