Dam spam from web server nee dlimit

Drew Marshall drew at themarshalls.co.uk
Wed Jun 28 16:34:07 IST 2006 

On Wed, June 28, 2006 15:42, Rob Morin wrote:
> Hello all...

Hi Rob
>
> I have a couple hosted websites that have exploitable forms, that can be
> used to spam. i contact the person(s) as soon as i find out it is being
> exploited and remove the offending form/script, whatever...

Nice. Might be customers but they clearly need shooting!

> but by this time the damage is done. I have all email from my webserver
> that goes out to go to my MX server running MS with postfix. now it
> catches some of the spam as usual, but some not. Now some of the emails
> come with over 25 recipients in the To  field. my question is how am i
> suppose to limit this...??

Are you trying to just remove the offending mail or just clear the server
to allow it to process other mail to? I would suggest if possible you
don't want to deliver the Spam, so I would kill postfix and just let MS/
SA do it's bit and see what's left.

> I added this to  the main.cf of postfix  smtpd_recipient_limit=20  but
> when i check the logs i still see email with 25 going through, i did
> reload postfix.... i made these changes after these emails where in the
> queue , does this setting only affect new emails? And what happens to
> the email that does go over 20, does it get rejected or just delete ??

That limits the number of recipients that the smtpd accepts messages for.
If your server has the mail already, it's too late. But also the overshoot
limit will kick in also.

smtpd_recipient_limit (default: 1000)
The maximal number of recipients that the Postfix SMTP server accepts per
message delivery request.

smtpd_recipient_overshoot_limit (default: 1000)
The number of recipients that a remote SMTP client can send in excess of
the limit specified with $smtpd_recipient_limit, before the Postfix SMTP
server increments the per-session error count for each excess recipient

Hope this helps.

Drew


-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

More information about the MailScanner mailing list