Notify Admin of User Sending High Volume of Mail

Josh Kidd jkidd at afflink.com
Mon Sep 22 22:32:40 IST 2008


Don't know if anyone else has attempted to do something like this before
or not; I gave a scan to Google and the lists and didn't see anything. I
have MailScanner set up on a FreeBSD7 machine running
Postfix+MailScanner(SA,ClamAV)+Mailwatch. We are wanting to find a way
that if a user's computer is infected and starts sending out a large
number of emails in a short time frame (i.e., 20, 30, 50 messages in 2-5
minutes).

I assume this would have to be a custom ruleset, but being new to
MailScanner I don't know exactly how I would go about creating this
rule. Has anyone done something like this or knows how to? I want
MailScanner or Mailwatch to email me if a user's outbound mail volume
exceeds our pre-defined limits so I can shut down whatever is sending out
the large volume of mail to prevent our domain from being blacklisted.

Thanks in Advance,

JK
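
An added example, not part of the original post and not MailScanner or MailWatch code: a sliding-window check over Postfix `qmgr` log lines that flags any envelope sender queuing more than a set number of messages within a time window. It assumes the standard syslog-format Postfix mail log; the default of 20 messages in 5 minutes is taken from the figures in the post, the log lines and addresses are constructed, and delivering the alert by email is left to the caller.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# One qmgr line like this is logged each time Postfix queues a message.
QMGR = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/qmgr\[\d+\]: "
                  r"[0-9A-F]+: from=<([^>]*)>, size=\d+, nrcpt=\d+")

def find_bursts(lines, limit=20, window=timedelta(minutes=5), year=2008):
    """Map each sender to the time it first exceeded `limit` messages in `window`."""
    recent = defaultdict(deque)   # sender -> timestamps still inside the window
    alerts = {}
    for line in lines:
        m = QMGR.match(line)
        if not m or not m.group(2):      # not a queue entry, or a bounce (from=<>)
            continue
        # syslog timestamps carry no year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        sender = m.group(2).lower()
        q = recent[sender]
        q.append(ts)
        while ts - q[0] > window:        # drop entries older than the window
            q.popleft()
        if len(q) > limit:
            alerts.setdefault(sender, ts)
    return alerts

def sample_log():
    """Constructed log: one sender queues 25 messages in 2 minutes, another 3."""
    base = datetime(2008, 9, 22, 22, 30, 0)
    fmt = ("{t:%b %d %H:%M:%S} mail postfix/qmgr[811]: {qid:X}: "
           "from=<{sender}>, size=2048, nrcpt=1 (queue active)")
    out = [fmt.format(t=base + timedelta(seconds=5 * i), qid=0xA0000 + i,
                      sender="infected@example.com") for i in range(25)]
    out += [fmt.format(t=base + timedelta(minutes=i), qid=0xB0000 + i,
                       sender="quiet@example.com") for i in range(3)]
    out.append("Sep 22 22:30:05 mail postfix/qmgr[811]: A0000: removed")
    out.append(fmt.format(t=base, qid=0xC0000, sender=""))   # bounce
    return out

if __name__ == "__main__":
    for sender, when in find_bursts(sample_log()).items():
        print(f"{when:%b %d %H:%M:%S} {sender} exceeded the limit")
```

The count is keyed on the envelope sender, which an infected machine can forge; keying on the submitting client address instead would mean correlating the `smtpd` lines for the same queue ID.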

 
