Notify Admin of User Sending High Volume of Mail
Hugo van der Kooij
hvdkooij at vanderkooij.org
Tue Sep 23 06:39:34 IST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Josh Kidd wrote:
> Don’t know if anyone else has attempted to do something like this before
> or not, I gave a scan to Google and the lists and didn’t see anything. I
> have MailScanner setup on a FreeBSD7 machine running
> Postfix+MailScanner(SA,ClamAV)+Mailwatch. We are wanting to find a way
> that if a user’s computer is infected and starts sending out a large
> number of emails in a short time frame (ie: 20,30,50 messages in 2-5
> minutes).
Well if you scan the messages and flag them as spam you might be able to
use a tool like sec to parse log files and raise a flag on the proper
conditions.
I must admit I would have to think a bit before I could write the actual
sec rule(s).
Hugo.
- --
hvdkooij at vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?
Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFI2IEUBvzDRVjxmYERAplNAKCgffzvvWUolzDzzYPVOF7uNSsy4QCdH1Rg
RV1zx16C0zAZi73Luhz042g=
=1cNm
-----END PGP SIGNATURE-----
More information about the MailScanner
mailing list