OT: how to block emails sent to too many recipients

Matt spamlists at coders.co.uk
Mon Dec 20 15:40:23 GMT 2010


On 20/12/2010 14:42, Denis Beauchemin wrote:
>
> All users of our webmail are authenticated. Don't know if some accounts were broken into or if there is some cookie hijacking going on...  I think we patched Horde last week (not my team's responsibility). We're asking the guys that maintain Horde to try to block them at the source: if from is not from our domain and there are more than 25 recipients then reject the message. Hope they can pull it off!

Assumption: Your legitimate users want to be able to continue sending
email without the server being listed in RBLs - therefore they will
accept a small degree of short term inconvenience.

Short term fix:
As this is likely to be automated, get your web guys to move the
Horde root location to a different URL and put a holding page in place
which redirects legitimate users using a client side redirect (using
JS).  The holding page also says that they will be prompted for a
password before the login box appears; then create a .htaccess file
backed off to the same authentication source as Horde.

This won't solve it long term but it will stop a purely automated attack. 

matt
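
The check Denis describes (reject when From is outside the local domain and there are more than 25 recipients), as an added Python example that is not part of the original thread or of Horde. The domain `example.edu`, the function names and the sample messages are assumptions constructed for illustration; the example also counts envelope recipients, since Bcc addresses do not appear in the headers.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

LOCAL_DOMAINS = {"example.edu"}  # assumption: placeholder for the site's own domain
MAX_RECIPIENTS = 25              # threshold quoted in the thread


def sender_domain(msg):
    """Lower-cased domain of the From header, or '' if it cannot be parsed."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def unique_recipients(msg, envelope_rcpts=()):
    """De-duplicated union of To/Cc/Bcc header addresses and envelope recipients.

    Envelope recipients are included because Bcc addresses are normally
    absent from the headers of the submitted message.
    """
    headers = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    found = {addr.lower() for _, addr in getaddresses(headers) if "@" in addr}
    found.update(r.lower() for r in envelope_rcpts)
    return found


def check_outgoing(raw, envelope_rcpts=()):
    """Return (accept, reason) for one message submitted through the webmail."""
    msg = message_from_string(raw)
    domain = sender_domain(msg)
    count = len(unique_recipients(msg, envelope_rcpts))
    if domain not in LOCAL_DOMAINS and count > MAX_RECIPIENTS:
        return False, f"reject: non-local From domain '{domain}', {count} recipients"
    return True, f"accept: {count} recipients"


def build_sample(from_addr, n):
    """Constructed test message with n distinct To addresses (not real traffic)."""
    rcpts = ", ".join(f"user{i}@example.net" for i in range(n))
    return f"From: {from_addr}\nTo: {rcpts}\nSubject: test\n\nbody\n"


if __name__ == "__main__":
    for sender, n in [("forged@example.org", 26), ("forged@example.org", 25),
                      ("staff@example.edu", 40)]:
        print(sender, n, check_outgoing(build_sample(sender, n)))
```

With the rule worded as in the thread, a message with a local From address is accepted regardless of recipient count.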

