Dam spam from web server need limit

Julian Field MailScanner at ecs.soton.ac.uk
Thu Jun 29 18:53:11 IST 2006


You could do this with a Custom Function very easily. Just hook Spam  
Actions and its brethren, test the number of recipients and return  
"delete" if that's what you want it to do with it.

Or else, what would be faster is to set
High Scoring Spam Actions = delete
Is Definitely Spam = &CheckRecips
Definite Spam is High Scoring = yes

then just check the number of recipients in &CheckRecips, returning 1  
if it has too many recipients and 0 otherwise.

There are loads of other places you could hook it in, but the idea is  
very similar. You could even implement it as a generic virus scanner  
or spam scanner. If you go down the generic virus scanner route, just  
say it's a virus if it has too many recipients, and then use the  
Silent Viruses facility to cause the message to be binned completely.

On Wed 28 Jun 06, at 17:04, Rob Morin wrote:

> I would like to have any emails with more than 20 recipients, NOT
> delivered and simply discarded from the queue and sent to never
> never land!
>
> I would love to shoot these people that put up exploitable
> scripts, but of course they always end up being high end clients,
> and the powers that be, say, just fix it and shut up....
>
> :(
>
> So in the end i have to deal with it!
>
> :(
>
> Thanks!
>
> Rob Morin
> Dido InterNet Inc.
> Montreal, Canada
> Http://www.dido.ca
> 514-990-4444
>
>
>
> Drew Marshall wrote:
>> On Wed, June 28, 2006 15:42, Rob Morin wrote:
>>
>>> Hello all...
>>>
>>
>> Hi Rob
>>
>>> I have a couple hosted websites that have exploitable forms, that can be
>>> used to spam. I contact the person(s) as soon as I find out it is being
>>> exploited and remove the offending form/script, whatever...
>>>
>>
>> Nice. Might be customers but they clearly need shooting!
>>
>>
>>> but by this time the damage is done. I have all email from my webserver
>>> that goes out to go to my MX server running MS with postfix. Now it
>>> catches some of the spam as usual, but some not. Now some of the emails
>>> come with over 25 recipients in the To field. My question is how am I
>>> supposed to limit this...??
>>>
>>
>> Are you trying to just remove the offending mail or just clear the server
>> to allow it to process other mail too? I would suggest if possible you
>> don't want to deliver the Spam, so I would kill postfix and just let MS/SA
>> do its bit and see what's left.
>>
>>
>>> I added this to the main.cf of postfix smtpd_recipient_limit=20 but
>>> when I check the logs I still see email with 25 going through, I did
>>> reload postfix.... I made these changes after these emails were in the
>>> queue, does this setting only affect new emails? And what happens to
>>> the email that does go over 20, does it get rejected or just deleted??
>>>
>>
>> That limits the number of recipients that the smtpd accepts messages for.
>> If your server has the mail already, it's too late. But also the overshoot
>> limit will kick in also.
>>
>> smtpd_recipient_limit (default: 1000)
>> The maximal number of recipients that the Postfix SMTP server accepts per
>> message delivery request.
>>
>> smtpd_recipient_overshoot_limit (default: 1000)
>> The number of recipients that a remote SMTP client can send in excess of
>> the limit specified with $smtpd_recipient_limit, before the Postfix SMTP
>> server increments the per-session error count for each excess recipient
>>
>> Hope this helps.
>>
>> Drew
>>
>>
>>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store !
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
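
A sketch of the &CheckRecips Custom Function described in the reply above, for use with "Is Definitely Spam = &CheckRecips". This is an added example, not code from the original post or from the MailScanner distribution; the file name, the threshold of 20 (taken from the request in the thread) and the de-duplication of recipients are assumptions.

```perl
# Added example. Assumed location: the MailScanner CustomFunctions
# directory, saved as CheckRecips.pm (file name is an assumption).
package MailScanner::CustomConfig;

use strict 'vars';

# Assumed threshold, from the "more than 20 recipients" request.
my $MaxRecips = 20;

# Called once at start-up when the config refers to &CheckRecips.
sub InitCheckRecips {
  MailScanner::Log::InfoLog("CheckRecips: limit is %d recipients",
                            $MaxRecips);
}

# Called once at shutdown; nothing to clean up here.
sub EndCheckRecips {
}

# Called for each message. Returns 1 ("definitely spam") when the
# message has too many recipients, 0 otherwise.
sub CheckRecips {
  my($message) = @_;

  # No message object or no recipient list: fall back to "not spam".
  return 0 unless $message && ref($message->{to}) eq 'ARRAY';

  # Count distinct envelope recipients, ignoring case, so a sender
  # cannot be counted twice and a repeated address does not inflate
  # the total.
  my %seen;
  $seen{lc $_} = 1 foreach grep { defined } @{$message->{to}};
  my $count = scalar keys %seen;

  return 0 if $count <= $MaxRecips;

  MailScanner::Log::WarnLog(
    "CheckRecips: message %s from %s has %d recipients, marking as spam",
    $message->{id}, $message->{from}, $count);
  return 1;
}

1;
```

The count here is of envelope recipients as MailScanner received them, not of addresses parsed from the To: header. Because the option takes a single value, pointing "Is Definitely Spam" at the function replaces any blacklist ruleset that was configured there.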


