Notify Admin of User Sending High Volume of Mail

Hugo van der Kooij hvdkooij at vanderkooij.org
Tue Sep 23 06:39:34 IST 2008


Josh Kidd wrote:
> Don’t know if anyone else has attempted to do something like this before
> or not, I gave a scan to Google and the lists and didn’t see anything. I
> have MailScanner set up on a FreeBSD7 machine running
> Postfix+MailScanner(SA,ClamAV)+Mailwatch. We are wanting to find a way
> that if a user’s computer is infected and starts sending out a large
> number of emails in a short time frame (i.e., 20, 30, 50 messages in 2-5
> minutes).

Well, if you scan the messages and flag them as spam, you might be able to
use a tool like sec to parse log files and raise a flag on the proper
conditions.

I must admit I would have to think a bit before I could write the actual
sec rule(s).

Hugo.

--
hvdkooij at vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.
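
The threshold check discussed in this thread, written out as an added example (not part of the original post, and a Python sketch rather than a sec rule): a per-sender sliding-window count over Postfix `qmgr` log lines. The log line shape, the default of 20 messages in 5 minutes (taken from the range in the question), the supplied year and the sample addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log shape: Postfix qmgr "queue active" lines in traditional syslog format.
QMGR = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/qmgr\[\d+\]: "
    r"[0-9A-Za-z]+: from=<(?P<sender>[^>]*)>, size=\d+, nrcpt=\d+"
)

def find_bursts(lines, threshold=20, window=timedelta(minutes=5), year=2008):
    """Map each sender that queued >= threshold messages within any sliding
    window to the time the threshold was first reached."""
    recent = defaultdict(deque)  # sender -> timestamps still inside the window
    alerts = {}
    for line in lines:
        m = QMGR.match(line)
        if not m or not m["sender"]:  # skip other log lines and bounces (from=<>)
            continue
        # Syslog timestamps carry no year, so one is supplied for parsing.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        sender = m["sender"].lower()
        q = recent[sender]
        q.append(ts)
        while ts - q[0] > window:  # expire entries that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts.setdefault(sender, ts)
    return alerts

def sample_log():
    """Constructed sample: one account queues 25 messages in two minutes,
    another queues 3 messages over 40 minutes."""
    base = datetime(2008, 9, 23, 6, 0, 0)
    fmt = "{} mail postfix/qmgr[812]: {:010X}: from=<{}>, size=2048, nrcpt=1 (queue active)"
    lines = ["Sep 23 05:59:58 mail postfix/smtpd[801]: connect from unknown[192.0.2.10]"]
    for i in range(25):
        t = base + timedelta(seconds=5 * i)
        lines.append(fmt.format(t.strftime("%b %d %H:%M:%S"), 0xA1B2C3D400 + i, "infected.user@example.com"))
    for i in range(3):
        t = base + timedelta(minutes=20 * i)
        lines.append(fmt.format(t.strftime("%b %d %H:%M:%S"), 0xB000000000 + i, "normal.user@example.com"))
    return lines

if __name__ == "__main__":
    for sender, when in find_bursts(sample_log()).items():
        print(f"ALERT {sender}: threshold reached at {when}")
```

The returned mapping is what a notification step (mail to the administrator, for instance) would consume; lines for each sender are expected in time order, as they are in a log file.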


