Dam spam from web server nee dlimit

Rob Morin rob at thehostmasters.com
Wed Jun 28 17:48:02 IST 2006


Ooo... that sounds cool... You mean,  make a custom rule, sort of... but 
how would MS know how many recipients it would have? My programming 
skills are just enough to get me by..
:)

if someone can direct me in the fashion of implementing it as a generic 
virus scanner, i would be very appreciated... Currently i delete all 
high scoring spam anything over 8 gets deleted... its been working out 
quite well for the last few years this way....

Thanks...

Rob Morin
Dido InterNet Inc.
Montreal, Canada
Http://www.dido.ca
514-990-4444



Julian Field wrote:
> You could do this with a Custom Function very easily. Just hook Spam 
> Actions and its brethren, test the number of recipients and return 
> "delete" if that's what you want it to do with it.
>
> Or else, which would be faster, is to set
> High Scoring Spam Actions = delete
> Is Definitely Spam = &CheckRecips
> Definite Spam is High Scoring = yes
>
> then just check the number of recipients in &CheckRecips, returning 1 
> if it has too many recipients and 0 otherwise.
>
> There are loads of other places you could hook it in, but the idea is 
> very similar. You could even implement it as a generic virus scanner 
> or spam scanner. If you go down the generic virus scanner route, just 
> say it's a virus if it has too many recipients, and then use the 
> Silent Viruses facility to cause the message to be binned completely.
>
> On Wed28 Jun 06, at 17:04, Rob Morin wrote:
>
>> I would like to have any emails with more that 20 recipients, NOT 
>> delivered and simply discarded from the queueu and sent to never 
>> never land!
>>
>> I would lover to shoot these people that put up exploitable scripts , 
>> but of course they always end up being high end clients, and the 
>> powers at be , say , just fix it and shut up....
>>
>> :(
>>
>> So in the end i have to deal with it!
>>
>> :(
>>
>> Thanks!
>>
>> Rob Morin
>> Dido InterNet Inc.
>> Montreal, Canada
>> Http://www.dido.ca
>> 514-990-4444
>>
>>
>>
>> Drew Marshall wrote:
>>> On Wed, June 28, 2006 15:42, Rob Morin wrote:
>>>
>>>> Hello all...
>>>>
>>>
>>> Hi Rob
>>>
>>>> I have a couple hosted websites that have exploitable forms, that 
>>>> can be
>>>> used to spam. i contact the person(s) as soon as i find out it is 
>>>> being
>>>> exploited and remove the offending form/script, whatever...
>>>>
>>>
>>> Nice. Might be customers but they clearly need shooting!
>>>
>>>
>>>> but by this time the damage is done. I have all email from my 
>>>> webserver
>>>> that goes out to go to my MX server running MS with postfix. now it
>>>> catches some of the spam as usual, but some not. Now some of the 
>>>> emails
>>>> come with over 25 recipients in the To  field. my question is how am i
>>>> suppose to limit this...??
>>>>
>>>
>>> Are you trying to just remove the offending mail or just clear the 
>>> server
>>> to allow it to process other mail to? I would suggest if possible you
>>> don't want to deliver the Spam, so I would kill postfix and just let 
>>> MS/
>>> SA do it's bit and see what's left.
>>>
>>>
>>>> I added this to  the main.cf of postfix  smtpd_recipient_limit=20  but
>>>> when i check the logs i still see email with 25 going through, i did
>>>> reload postfix.... i made these changes after these emails where in 
>>>> the
>>>> queue , does this setting only affect new emails? And what happens to
>>>> the email that does go over 20, does it get rejected or just delete ??
>>>>
>>>
>>> That limits the number of recipients that the smtpd accepts messages 
>>> for.
>>> If your server has the mail already, it's too late. But also the 
>>> overshoot
>>> limit will kick in also.
>>>
>>> smtpd_recipient_limit (default: 1000)
>>> The maximal number of recipients that the Postfix SMTP server 
>>> accepts per
>>> message delivery request.
>>>
>>> smtpd_recipient_overshoot_limit (default: 1000)
>>> The number of recipients that a remote SMTP client can send in 
>>> excess of
>>> the limit specified with $smtpd_recipient_limit, before the Postfix 
>>> SMTP
>>> server increments the per-session error count for each excess recipient
>>>
>>> Hope this helps.
>>>
>>> Drew
>>>
>>>
>>>
>> --MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>
> --Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store !
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
>
> --This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> MailScanner thanks transtec Computers for their support.
>
> --MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>


More information about the MailScanner mailing list