OT: how to block emails sent to too many recipients
Steve Campbell
campbell at cnpapers.com
Mon Dec 20 14:23:30 GMT 2010
Another thought:
If you can find a common IP from your apache logs, firewall that off. If
the sending IP is not one of those random IPs, add it to your access
file. Sometimes, you may need to add a few IPs if they're slightly
random. If they're truly random and spoofed, the access file won't help.
Steve Campbell
On 12/20/2010 9:00 AM, Denis Beauchemin wrote:
> Hello all,
>
> Someone seems to have found a way to use one of our MS servers to send spam. Each spam is sent to more than 199 recipients and the envelope from is never from our domain.
>
> I would like to block them but I am not sure how… I didn’t find anything in sendmail (except milter-limit which denies emails I have to deliver). I am now looking to SA.
>
> Does anyone know how to get the nrcpts= value found on the from= sendmail log line?
>
> Thanks!
>
> Denis
> PS: the spam is sent through our webmail (Horde). I cannot stop delivering emails from those servers.
>
> Denis Beauchemin, analyste
> Université de Sherbrooke, S.T.I.
> T: 819.821.8000x62252 F: 819.821.8045
>
>
More information about the MailScanner
mailing list