ka at pacific.net
Fri Apr 13 16:35:42 IST 2007
Michael Mansour wrote:
> Ken Anderson <ka at pacific.net> wrote: Jay Chandler wrote:
>> Hugo van der Kooij wrote:
>>> You need to block SMTP from anyone but acknowledged and well
>>> controlled servers in your network.
>> Ya think? :-)
>> This has been done. Note that the way this particular instance took
>> place was a user had a weak or leaked password, so the spammer came in
>> through our webmail gateway. Flow control won't work on that machine,
>> as it services hundreds of users. Neither will IP based restrictions.
>> The only think I can think of that would have caught this would have
>> been measuring the volume-- they're forced to use their own email
>> address, so after the first dozen messages, I'd have loved for something
>> to have said "Wait a damned second here..."
> This is exactly what you can dowith sendmail (if you're using it).
> Look here:
> for how you can rate throttle and protect your SMTP from attacks from spammers.
That's a good link to block incoming spam by IP, but sendmail's built in
automatic protection doesn't look at the "envelope from" address, which
is what's needed here. Of course spammers usually fake the from address,
so what works for incoming spam, wouldn't work here.
More information about the MailScanner