Dam spam from web server nee dlimit
rob at thehostmasters.com
Wed Jun 28 17:48:02 IST 2006
Ooo... that sounds cool... You mean, make a custom rule, sort of... but
how would MS know how many recipients it would have? My programming
skills are just enough to get me by..
if someone can direct me in the fashion of implementing it as a generic
virus scanner, i would be very appreciated... Currently i delete all
high scoring spam anything over 8 gets deleted... its been working out
quite well for the last few years this way....
Dido InterNet Inc.
Julian Field wrote:
> You could do this with a Custom Function very easily. Just hook Spam
> Actions and its brethren, test the number of recipients and return
> "delete" if that's what you want it to do with it.
> Or else, which would be faster, is to set
> High Scoring Spam Actions = delete
> Is Definitely Spam = &CheckRecips
> Definite Spam is High Scoring = yes
> then just check the number of recipients in &CheckRecips, returning 1
> if it has too many recipients and 0 otherwise.
> There are loads of other places you could hook it in, but the idea is
> very similar. You could even implement it as a generic virus scanner
> or spam scanner. If you go down the generic virus scanner route, just
> say it's a virus if it has too many recipients, and then use the
> Silent Viruses facility to cause the message to be binned completely.
> On Wed28 Jun 06, at 17:04, Rob Morin wrote:
>> I would like to have any emails with more that 20 recipients, NOT
>> delivered and simply discarded from the queueu and sent to never
>> never land!
>> I would lover to shoot these people that put up exploitable scripts ,
>> but of course they always end up being high end clients, and the
>> powers at be , say , just fix it and shut up....
>> So in the end i have to deal with it!
>> Rob Morin
>> Dido InterNet Inc.
>> Montreal, Canada
>> Drew Marshall wrote:
>>> On Wed, June 28, 2006 15:42, Rob Morin wrote:
>>>> Hello all...
>>> Hi Rob
>>>> I have a couple hosted websites that have exploitable forms, that
>>>> can be
>>>> used to spam. i contact the person(s) as soon as i find out it is
>>>> exploited and remove the offending form/script, whatever...
>>> Nice. Might be customers but they clearly need shooting!
>>>> but by this time the damage is done. I have all email from my
>>>> that goes out to go to my MX server running MS with postfix. now it
>>>> catches some of the spam as usual, but some not. Now some of the
>>>> come with over 25 recipients in the To field. my question is how am i
>>>> suppose to limit this...??
>>> Are you trying to just remove the offending mail or just clear the
>>> to allow it to process other mail to? I would suggest if possible you
>>> don't want to deliver the Spam, so I would kill postfix and just let
>>> SA do it's bit and see what's left.
>>>> I added this to the main.cf of postfix smtpd_recipient_limit=20 but
>>>> when i check the logs i still see email with 25 going through, i did
>>>> reload postfix.... i made these changes after these emails where in
>>>> queue , does this setting only affect new emails? And what happens to
>>>> the email that does go over 20, does it get rejected or just delete ??
>>> That limits the number of recipients that the smtpd accepts messages
>>> If your server has the mail already, it's too late. But also the
>>> limit will kick in also.
>>> smtpd_recipient_limit (default: 1000)
>>> The maximal number of recipients that the Postfix SMTP server
>>> accepts per
>>> message delivery request.
>>> smtpd_recipient_overshoot_limit (default: 1000)
>>> The number of recipients that a remote SMTP client can send in
>>> excess of
>>> the limit specified with $smtpd_recipient_limit, before the Postfix
>>> server increments the per-session error count for each excess recipient
>>> Hope this helps.
>> --MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> Before posting, read http://wiki.mailscanner.info/posting
>> Support MailScanner development - buy the book off the website!
> --Julian Field
> Buy the MailScanner book at www.MailScanner.info/store !
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> --This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> MailScanner thanks transtec Computers for their support.
> --MailScanner mailing list
> mailscanner at lists.mailscanner.info
> Before posting, read http://wiki.mailscanner.info/posting
> Support MailScanner development - buy the book off the website!
More information about the MailScanner