OT: how to block emails sent to too many recipients

Steve Campbell campbell at cnpapers.com
Mon Dec 20 14:23:30 GMT 2010

Another thought:

If you can find a common IP from your apache logs, firewall that off. If 
the sending IP is not one of those random IPs, add it to your access 
file. Sometimes, you may need to add a few IPs if they're slightly 
random. If they're truly random and spoofed, the access file won't help.

Steve Campbell

On 12/20/2010 9:00 AM, Denis Beauchemin wrote:
> Hello all,
> Someone seems to have found a way to use one of our MS servers to send spam. Each spam is sent to more than 199 recipients and the envelope from is never from our domain.
> I would like to block them but I am not sure how… I didn’t find anything in sendmail (except milter-limit which denies emails I have to deliver). I am now looking to SA.
> Does anyone know how to get the nrcpts= value found on the from= sendmail log line?
> Thanks!
> Denis
> PS: the spam is sent through our webmail (Horde). I cannot stop delivering emails from those servers.
> Denis Beauchemin, analyste
> Université de Sherbrooke, S.T.I.
> T: 819.821.8000x62252 F: 819.821.8045

More information about the MailScanner mailing list