Feature Request
Michael Mansour
micoots at yahoo.com
Fri Apr 13 12:28:48 IST 2007
Hi,
Ken Anderson <ka at pacific.net> wrote: Jay Chandler wrote:
> Hugo van der Kooij wrote:
>> You need to block SMTP from anyone but acknowledged and well
>> controlled servers in your network.
> Ya think? :-)
>
> This has been done. Note that the way this particular instance took
> place was a user had a weak or leaked password, so the spammer came in
> through our webmail gateway. Flow control won't work on that machine,
> as it services hundreds of users. Neither will IP based restrictions.
> The only think I can think of that would have caught this would have
> been measuring the volume-- they're forced to use their own email
> address, so after the first dozen messages, I'd have loved for something
> to have said "Wait a damned second here..."
This is exactly what you can dowith sendmail (if you're using it).
Look here:
http://www.technoids.org/dossed.html
for how you can rate throttle and protect your SMTP from attacks from spammers.
Michael.
tail the log, watch the "relay=" and instead of the IP, capture the
"from=" if a message "is spam" from your webmail box and put that into
either an access "From:baduser at here.net Error 450 hold that spam" entry,
or a MailScanner rule that quarantines mail from that user and then
reloads MailScanner.
ossec (ossec.net) has 'active response' and might help with automating
this if you want something more robust and faster than a cron job
running a shell script. It's quite good, and it's response is within
seconds, not minutes, but does need some tweaking for your needs.
Ken Anderson
Pacific.Net
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
Send instant messages to your online friends http://au.messenger.yahoo.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070413/876838e9/attachment.html
More information about the MailScanner
mailing list