OT: how to block emails sent to too many recipients
campbell at cnpapers.com
Mon Dec 20 14:23:30 GMT 2010
If you can find a common IP from your apache logs, firewall that off. If
the sending IP is not one of those random IPs, add it to your access
file. Sometimes, you may need to add a few IPs if they're slightly
random. If they're truly random and spoofed, the access file won't help.
On 12/20/2010 9:00 AM, Denis Beauchemin wrote:
> Hello all,
> Someone seems to have found a way to use one of our MS servers to send spam. Each spam is sent to more than 199 recipients and the envelope from is never from our domain.
> I would like to block them but I am not sure how… I didn’t find anything in sendmail (except milter-limit which denies emails I have to deliver). I am now looking to SA.
> Does anyone know how to get the nrcpts= value found on the from= sendmail log line?
> PS: the spam is sent through our webmail (Horde). I cannot stop delivering emails from those servers.
> Denis Beauchemin, analyste
> Université de Sherbrooke, S.T.I.
> T: 819.821.8000x62252 F: 819.821.8045
More information about the MailScanner