Dam spam from web server nee dlimit

Glenn Steen glenn.steen at gmail.com
Wed Jun 28 16:16:28 IST 2006 

On 28/06/06, Rob Morin <rob at thehostmasters.com> wrote:
> Hello all...
>
> I have a couple hosted websites that have exploitable forms, that can be
> used to spam. i contact the person(s) as soon as i find out it is being
> exploited and remove the offending form/script, whatever...
>
> but by this time the damage is done. I have all email from my webserver
> that goes out to go to my MX server running MS with postfix. now it
> catches some of the spam as usual, but some not. Now some of the emails
> come with over 25 recipients in the To  field. my question is how am i
> suppose to limit this...??
>
> I added this to  the main.cf of postfix  smtpd_recipient_limit=20  but
> when i check the logs i still see email with 25 going through, i did
> reload postfix.... i made these changes after these emails where in the
> queue , does this setting only affect new emails? And what happens to
> the email that does go over 20, does it get rejected or just delete ??

smtpd only handle the SMTP conversation phase, so anything already in
the queue(s) will be unaffected by the change.
Overshooting the limit will generate a 452 error. The companion
overshoot limit stipulates how many recipients the sender "need"
overshoot by before incrementing the error count (and eventually
taking the appropriate error action).
This telnet session will show what happens when the limit is set to 1.
---------
[root at apmx05 ~]# telnet apmx04 25
Trying 172.18.3.86...
Connected to apmx04.ap1.se (172.18.3.86).
Escape character is '^]'.
220 mail.ap1.se ESMTP Postfix (2.2.5) (Mandrake Linux)
ehlo aaa.se
250-mail.ap1.se
250-PIPELINING
250-SIZE 16777216
250-ETRN
250 8BITMIME
mail from:<>
250 Ok
rcpt to:<glenn.steen at example.com>
250 Ok
rcpt to:<nnn at example.com>
452 Error: too many recipients
---------

> from the log:
>
> Jun 28 10:41:52 peter postfix/qmgr[25749]: A1F0069017A:
> from=<www-data at dns1.domain.com>, size=37915, nrcpt=25 (queue active)
> Jun 28 10:41:52 peter postfix/qmgr[25749]: A69D9690180:
> from=<www-data at dns1.domain.com>, size=35344, nrcpt=25 (queue active)
> Jun 28 10:41:52 peter postfix/qmgr[25749]: A5BCF69028B:
> from=<www-data at dns1.domain.com>, size=38742, nrcpt=25 (queue active)

Note that it is qmgr logging this, not smtpd.

-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list