OT: how to block emails sent to too many recipients

Rose, Bobby brose at med.wayne.edu
Mon Dec 20 15:17:28 GMT 2010


Not sure if it could apply in the number-of-recipients scenario, but I've used milter-regex for dealing with those Rolex and Viagra spam emails that are always coming from multiple IP addresses.

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Denis Beauchemin
Sent: Monday, December 20, 2010 9:43 AM
To: 'MailScanner discussion'
Subject: RE: OT: how to block emails sent to too many recipients

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steve Campbell
> Sent: December 20, 2010 09:24
> To: MailScanner discussion
> Subject: Re: OT: how to block emails sent to too many recipients
>
> Another thought:
>
> If you can find a common IP from your Apache logs, firewall that off.
> If the sending IP is not one of those random IPs, add it to your access file.
> Sometimes, you may need to add a few IPs if they're slightly random.
> If they're truly random and spoofed, the access file won't help.
>
> Steve Campbell

Unfortunately it comes from too many different IPs.

The server is used to send big batches of emails (people with Outlook mailing lists, webmails, etc). That's why it is so difficult to take drastic measures like confMAX_RCPTS_PER_MESSAGE which applies to all users.

All users of our webmail are authenticated. Don't know if some accounts were broken into or if there is some cookie hijacking going on...  I think we patched Horde last week (not my team's responsibility). We're asking the guys that maintain Horde to try to block them at the source: if from is not from our domain and there are more than 25 recipients then reject the message. Hope they can pull it off!

Thanks for your help!

Denis
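
The rule Denis describes (From not in the local domain and more than 25 recipients means reject), sketched as an added example that is not part of the original thread or of Horde's code. It checks message headers as a webmail compose-time filter would; `example.edu` is a placeholder domain, the function names are hypothetical, and all sample messages are constructed.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

LOCAL_DOMAIN = "example.edu"  # assumption: stands in for the site's own domain
MAX_RCPTS = 25                # threshold quoted in the thread

def sender_is_local(msg, local_domain=LOCAL_DOMAIN):
    """True only if the From *address* (not the display name) is in local_domain."""
    _, addr = parseaddr(msg.get("From", ""))
    local_part, sep, domain = addr.rpartition("@")
    # Exact match: "example.edu.mailer.test" or a bare word must not pass as local.
    return bool(local_part and sep) and domain.lower() == local_domain.lower()

def recipient_count(msg):
    """Distinct addresses across To, Cc and Bcc, compared case-insensitively."""
    fields = []
    for name in ("To", "Cc", "Bcc"):
        fields.extend(msg.get_all(name, []))
    return len({a.lower() for _, a in getaddresses(fields) if "@" in a})

def verdict(raw, local_domain=LOCAL_DOMAIN, limit=MAX_RCPTS):
    """Reject only when the sender is non-local AND recipients exceed `limit`."""
    msg = message_from_string(raw)
    if not sender_is_local(msg, local_domain) and recipient_count(msg) > limit:
        return "reject"
    return "accept"

def sample(from_header, n_to, n_cc=0):
    """Constructed test message with n_to To and n_cc Cc recipients."""
    to = ", ".join(f"user{i}@dest.test" for i in range(n_to))
    cc = ", ".join(f"copy{i}@dest.test" for i in range(n_cc))
    return (f"From: {from_header}\nTo: {to}\n" + (f"Cc: {cc}\n" if cc else "")
            + "Subject: constructed sample\n\nbody\n")

if __name__ == "__main__":
    cases = {
        "local list owner, 200 rcpts": sample("Staff <staff@example.edu>", 200),
        "external, 25 rcpts": sample("bulk@mailer.test", 25),
        "external, 20 To + 6 Cc": sample("bulk@mailer.test", 20, 6),
        "display-name spoof": sample('"staff@example.edu" <bulk@mailer.test>', 26),
        "lookalike domain": sample("staff@example.edu.mailer.test", 26),
    }
    for label, raw in cases.items():
        print(f"{label:30} -> {verdict(raw)}")
```

An MTA-side version of the same rule would count envelope recipients (RCPT TO) instead of headers, since Bcc recipients do not appear in the delivered headers.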
