Dam spam from web server nee dlimit

Julian Field MailScanner at ecs.soton.ac.uk
Wed Jun 28 18:42:17 IST 2006 

On Wed28 Jun 06, at 17:48, Rob Morin wrote:

> Ooo... that sounds cool... You mean,  make a custom rule, sort  
> of... but how would MS know how many recipients it would have? My  
> programming skills are just enough to get me by..
> :)

Count the number of elements in
	@{$message->{to}}
and return 1 (= yes) or 0 (= no) (if you are using a yes/no rule) or  
the appropriate string for the configuration setting.


>
> if someone can direct me in the fashion of implementing it as a  
> generic virus scanner, i would be very appreciated... Currently i  
> delete all high scoring spam anything over 8 gets deleted... its  
> been working out quite well for the last few years this way....

Take a look in /usr/lib/MailScanner/MailScanner/CustomFunctions
and read the docs.

If you delete all high-scoring spam anyway then you could do it with  
"Is Definitely Spam", but that would remove your ability to have a  
normal blacklist as well, so you are probably still better off with  
the Custom Virus Scanner approach.

>
> Julian Field wrote:
>> You could do this with a Custom Function very easily. Just hook  
>> Spam Actions and its brethren, test the number of recipients and  
>> return "delete" if that's what you want it to do with it.
>>
>> Or else, which would be faster, is to set
>> High Scoring Spam Actions = delete
>> Is Definitely Spam = &CheckRecips
>> Definite Spam is High Scoring = yes
>>
>> then just check the number of recipients in &CheckRecips,  
>> returning 1 if it has too many recipients and 0 otherwise.
>>
>> There are loads of other places you could hook it in, but the idea  
>> is very similar. You could even implement it as a generic virus  
>> scanner or spam scanner. If you go down the generic virus scanner  
>> route, just say it's a virus if it has too many recipients, and  
>> then use the Silent Viruses facility to cause the message to be  
>> binned completely.
>>
>> On Wed28 Jun 06, at 17:04, Rob Morin wrote:
>>
>>> I would like to have any emails with more that 20 recipients, NOT  
>>> delivered and simply discarded from the queueu and sent to never  
>>> never land!
>>>
>>> I would lover to shoot these people that put up exploitable  
>>> scripts , but of course they always end up being high end  
>>> clients, and the powers at be , say , just fix it and shut up....
>>>
>>> :(
>>>
>>> So in the end i have to deal with it!
>>>
>>> :(
>>>
>>> Thanks!
>>>
>>> Rob Morin
>>> Dido InterNet Inc.
>>> Montreal, Canada
>>> Http://www.dido.ca
>>> 514-990-4444
>>>
>>>
>>>
>>> Drew Marshall wrote:
>>>> On Wed, June 28, 2006 15:42, Rob Morin wrote:
>>>>
>>>>> Hello all...
>>>>>
>>>>
>>>> Hi Rob
>>>>
>>>>> I have a couple hosted websites that have exploitable forms,  
>>>>> that can be
>>>>> used to spam. i contact the person(s) as soon as i find out it  
>>>>> is being
>>>>> exploited and remove the offending form/script, whatever...
>>>>>
>>>>
>>>> Nice. Might be customers but they clearly need shooting!
>>>>
>>>>
>>>>> but by this time the damage is done. I have all email from my  
>>>>> webserver
>>>>> that goes out to go to my MX server running MS with postfix.  
>>>>> now it
>>>>> catches some of the spam as usual, but some not. Now some of  
>>>>> the emails
>>>>> come with over 25 recipients in the To  field. my question is  
>>>>> how am i
>>>>> suppose to limit this...??
>>>>>
>>>>
>>>> Are you trying to just remove the offending mail or just clear  
>>>> the server
>>>> to allow it to process other mail to? I would suggest if  
>>>> possible you
>>>> don't want to deliver the Spam, so I would kill postfix and just  
>>>> let MS/
>>>> SA do it's bit and see what's left.
>>>>
>>>>
>>>>> I added this to  the main.cf of postfix   
>>>>> smtpd_recipient_limit=20  but
>>>>> when i check the logs i still see email with 25 going through,  
>>>>> i did
>>>>> reload postfix.... i made these changes after these emails  
>>>>> where in the
>>>>> queue , does this setting only affect new emails? And what  
>>>>> happens to
>>>>> the email that does go over 20, does it get rejected or just  
>>>>> delete ??
>>>>>
>>>>
>>>> That limits the number of recipients that the smtpd accepts  
>>>> messages for.
>>>> If your server has the mail already, it's too late. But also the  
>>>> overshoot
>>>> limit will kick in also.
>>>>
>>>> smtpd_recipient_limit (default: 1000)
>>>> The maximal number of recipients that the Postfix SMTP server  
>>>> accepts per
>>>> message delivery request.
>>>>
>>>> smtpd_recipient_overshoot_limit (default: 1000)
>>>> The number of recipients that a remote SMTP client can send in  
>>>> excess of
>>>> the limit specified with $smtpd_recipient_limit, before the  
>>>> Postfix SMTP
>>>> server increments the per-session error count for each excess  
>>>> recipient
>>>>
>>>> Hope this helps.
>>>>
>>>> Drew
>>>>
>>>>
>>>>
>>> --MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>
>> --Julian Field
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store !
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>>
>>
>> --This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>> MailScanner thanks transtec Computers for their support.
>>
>> --MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store !
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.

More information about the MailScanner mailing list