OT: how to block emails sent to too many recipients

Peter Ong peter.ong at hypermediasystems.com
Mon Dec 20 15:19:12 GMT 2010

You have to determine a few things:

1. Where is the attack coming from?
Is it some sort of robot that has figured out how to login to your horde installation?

2. Is it a bunch of spammers sending to users into your domain?

These two have different solutions.

In case #1:
You should be able to find out which accounts are doing this? Lock out the accounts. You need to stop the hemorrhaging first.

In case #2:
Are you using RBLs or SpamAssassin that discriminate on known characteristics unique to spam? In this case, even the ones you send out of your MTA are scanned for these characteristics.


----- Original Message -----
> Hello all,
> Someone seems to have found a way to use one of our MS servers to send
> spam. Each spam is sent to more than 199 recipients and the envelope
> from is never from our domain.
> I would like to block them but I am not sure how… I didn’t find
> anything in sendmail (except milter-limit which denies emails I have
> to deliver). I am now looking to SA.
> Does anyone know how to get the nrcpts= value found on the from=
> sendmail log line?
> Thanks!
> Denis
> PS: the spam is sent through our webmail (Horde). I cannot stop
> delivering emails from those servers.

More information about the MailScanner mailing list