OT: how to block emails sent to too many recipients
Steve Campbell
campbell at cnpapers.com
Mon Dec 20 14:18:51 GMT 2010
One thing you could do is add the following to your sendmail.mc
define(`confMAX_RCPTS_PER_MESSAGE',20)
This will block all but 20 of the recipients (still allows 20, though),
which is still 20 spams.
There were some security releases just recently for Horde, although I'm
not sure they affected very old releases, so depending on which versions
you are running, you might check out updating.
You can see the problems at:
http://seclists.org/fulldisclosure/2010/Sep/82
Steve Campbell
On 12/20/2010 9:00 AM, Denis Beauchemin wrote:
> Hello all,
>
> Someone seems to have found a way to use one of our MS servers to send spam. Each spam is sent to more than 199 recipients and the envelope from is never from our domain.
>
> I would like to block them but I am not sure how… I didn’t find anything in sendmail (except milter-limit which denies emails I have to deliver). I am now looking to SA.
>
> Does anyone know how to get the nrcpts= value found on the from= sendmail log line?
>
> Thanks!
>
> Denis
> PS: the spam is sent through our webmail (Horde). I cannot stop delivering emails from those servers.
>
> Denis Beauchemin, analyste
> Université de Sherbrooke, S.T.I.
> T: 819.821.8000x62252 F: 819.821.8045
>
>
More information about the MailScanner
mailing list