Recipient Limitation(s)
Mark Sapiro
mark at msapiro.net
Sat Jul 25 15:08:14 IST 2009
On Fri, Jul 24, 2009 at 04:56:13PM -0300, Eduardo Casarero wrote:
> 2009/7/22 Gottschalk, David <dgottsc at emory.edu>
>
> > Is it possible to setup MailScanner to block/quarantine messages over a
> > certain number of recipients? I want to do this because we have a lot of
> > accounts being compromised and sending out emails to a large number of
> > recipients. I think this would be a good proactive measure.
> >
> > I've looked into spamassassin doing this, but cannot find anything that
> > would give me the ability to do this.
> >
> > Any tips would be appreciated, I've searched all around and haven't found
> > anything.
>
>
> Some time ago i wrote this rule for SpamAssassin, i didnt test it a lot, so
> test it with precaution. I was for someone with the same problem than you.
>
> the logic of the rule is that if the email has more than 10 recipients at
> least 1 rule will hit, with combination is probable than more than one hits.
> you can also generate a new meta rule to have only 1 hit with an OR.
>
> header __TEST_TO_1 To =~ /(.*?(@).*?){1,}/i
> header __TEST_TO_2 To =~ /(.*?(@).*?){2,}/i
> header __TEST_TO_3 To =~ /(.*?(@).*?){3,}/i
> header __TEST_TO_4 To =~ /(.*?(@).*?){4,}/i
> header __TEST_TO_5 To =~ /(.*?(@).*?){5,}/i
> header __TEST_TO_6 To =~ /(.*?(@).*?){6,}/i
> header __TEST_TO_7 To =~ /(.*?(@).*?){7,}/i
> header __TEST_TO_8 To =~ /(.*?(@).*?){8,}/i
> header __TEST_TO_9 To =~ /(.*?(@).*?){9,}/i
> header __TEST_TO_10 To =~ /(.*?(@).*?){10,}/i
>
> header __TEST_CC_1 Cc =~ /(.*?(@).*?){1,}/i
> header __TEST_CC_2 Cc =~ /(.*?(@).*?){2,}/i
> header __TEST_CC_3 Cc =~ /(.*?(@).*?){3,}/i
> header __TEST_CC_4 Cc =~ /(.*?(@).*?){4,}/i
> header __TEST_CC_5 Cc =~ /(.*?(@).*?){5,}/i
> header __TEST_CC_6 Cc =~ /(.*?(@).*?){6,}/i
> header __TEST_CC_7 Cc =~ /(.*?(@).*?){7,}/i
> header __TEST_CC_8 Cc =~ /(.*?(@).*?){8,}/i
> header __TEST_CC_9 Cc =~ /(.*?(@).*?){9,}/i
> header __TEST_CC_10 Cc =~ /(.*?(@).*?){10,}/i
>
> #just for testing purposes
> #meta TEST_TO_1_CC_1 (__TEST_TO_1 && __TEST_CC_1)
> #
>
> meta TEST_TO_1_CC_9 (__TEST_TO_1 && __TEST_CC_9)
> meta TEST_TO_2_CC_8 (__TEST_TO_2 && __TEST_CC_8)
> meta TEST_TO_3_CC_7 (__TEST_TO_3 && __TEST_CC_7)
> meta TEST_TO_4_CC_6 (__TEST_TO_4 && __TEST_CC_6)
> meta TEST_TO_5_CC_5 (__TEST_TO_5 && __TEST_CC_5)
> meta TEST_TO_6_CC_4 (__TEST_TO_6 && __TEST_CC_4)
> meta TEST_TO_7_CC_3 (__TEST_TO_7 && __TEST_CC_3)
> meta TEST_TO_8_CC_2 (__TEST_TO_8 && __TEST_CC_2)
> meta TEST_TO_9_CC_1 (__TEST_TO_9 && __TEST_CC_1)
> meta TEST_TO_10_CC_0 (__TEST_TO_10)
> meta TEST_TO_10_CC_0 (__TEST_CC_10)
I think the above line has a typo. It should be
meta TEST_TO_0_CC_10 (__TEST_CC_10)
> score TEST_TO_1_CC_1 0.01
> score TEST_TO_1_CC_9 0.01
> score TEST_TO_2_CC_8 0.01
> score TEST_TO_3_CC_7 0.01
> score TEST_TO_4_CC_6 0.01
> score TEST_TO_5_CC_5 0.01
> score TEST_TO_6_CC_4 0.01
> score TEST_TO_7_CC_3 0.01
> score TEST_TO_8_CC_2 0.01
> score TEST_TO_9_CC_1 0.01
> score TEST_TO_10_CC_0 0.01
> score TEST_TO_0_CC_10 0.01
>
> hope it helps!
The potential issue with this is it is looking at the To: and Cc:
headers of the message and not at the number of envelope recipients.
If this is what is wanted, fine, but keep in mind that the To: and
Cc: headers don't necessarily bear any relation to the actual message
recipients.
--
Mark Sapiro mark at msapiro net The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the MailScanner
mailing list