Notify Admin of User Sending High Volume of Mail

Josh Kidd jkidd at
Mon Sep 22 22:32:40 IST 2008

Don't know if anyone else has attempted to do something like this before
or not; I gave a scan to Google and the lists and didn't see anything. I
have MailScanner set up on a FreeBSD7 machine running
Postfix+MailScanner(SA,ClamAV)+Mailwatch. We are wanting to find a way
that if a user's computer is infected and starts sending out a large
number of emails in a short time frame (i.e., 20, 30, 50 messages in 2-5


I assume this would have to be a custom ruleset, but being new to
MailScanner I don't know exactly how I would go about creating this
rule. Has anyone done something like this or knows how to? I want
MailScanner or Mailwatch to email me if a user's outbound mail volume
exceeds our pre-defined limits so I can shut down whatever is sending out
the large volume of mail to prevent our domain from being blacklisted.


Thanks in Advance,
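
Added example, not part of the original post and not MailScanner or MailWatch code: one way to detect the burst described above is a per-sender sliding window over Postfix `qmgr` log lines. The limit of 20 messages, the 5-minute window, the function names and the sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Postfix qmgr line: "<ts> <host> postfix/qmgr[pid]: <queue id>: from=<sender>, ..."
# and "<queue id>: removed" when the message leaves the queue.
QMGR_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/qmgr\[\d+\]: "
    r"(?P<qid>\w+): (?:from=<(?P<sender>[^>]*)>|(?P<removed>removed))")

def find_bursts(lines, limit=20, window=timedelta(minutes=5), year=2008):
    """Return {sender: (time the limit was exceeded, messages in window)}."""
    active = set()                 # queue IDs already counted
    recent = defaultdict(deque)    # sender -> timestamps inside the window
    alerts = {}
    for line in lines:
        m = QMGR_RE.match(line)
        if not m:
            continue
        if m["removed"]:
            active.discard(m["qid"])   # queue IDs can be reused later
            continue
        # from=<> is a bounce; a known queue ID is a deferred retry, not new mail
        if not m["sender"] or m["qid"] in active:
            continue
        active.add(m["qid"])
        sender = m["sender"].lower()
        # classic syslog timestamps carry no year, so it is supplied
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[sender]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) > limit and sender not in alerts:
            alerts[sender] = (ts, len(q))
    return alerts

def sample_log():
    """Constructed log lines, not taken from a real server."""
    fmt = ("Sep 22 22:{:02d}:{:02d} mx postfix/qmgr[812]: {}: "
           "from=<{}>, size=2048, nrcpt=1 (queue active)")
    burst = [fmt.format(10 + i // 12, i % 12 * 5, f"A{i:04X}", "pc17@example.com")
             for i in range(25)]
    # one deferred message retried 30 times keeps the same queue ID
    retries = [fmt.format(10, i, "B0001", "alice@example.com") for i in range(30)]
    return burst + retries

if __name__ == "__main__":
    for sender, (when, count) in find_bursts(sample_log()).items():
        print(f"ALERT {sender}: {count} messages in window as of {when}")
```

Run from cron over the recent part of the mail log, the returned senders can be mailed to the administrator; counting by envelope sender assumes clients cannot freely forge it, so counting by client IP or SASL login is the stricter variant.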



