OT: how to block emails sent to too many recipients
Steve Campbell
campbell at cnpapers.com
Mon Dec 20 16:42:33 GMT 2010
On 12/20/2010 9:42 AM, Denis Beauchemin wrote:
>> -----Message d'origine-----
>> De : mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
>> bounces at lists.mailscanner.info] De la part de Steve Campbell
>> Envoyé : 20 décembre 2010 09:24
>> À : MailScanner discussion
>> Objet : Re: OT: how to block emails sent to too many recipients
>>
>> Another thought:
>>
>> If you can find a common IP from your apache logs, firewall that off. If the
>> sending IP is not one of those random IPs, add it to your access file.
>> Sometimes, you may need to add a few IPs if they're slightly random. If
>> they're truly random and spoofed, the access file won't help.
>>
>> Steve Campbell
> Unfortunately it comes from too many different IPs.
>
> The server is used to send big batches of emails (people with Outlook mailing lists, webmails, etc). That's why it is so difficult to take drastic measures like confMAX_RCPTS_PER_MESSAGE which applies to all users.
>
> All users of our webmail are authenticated. Don't know if some accounts were broken into or if there is some cookie hijacking going on... I think we patched Horde last week (not my team's responsibility). We're asking the guys that maintain Horde to try to block them at the source: if from is not from our domain and there are more than 25 recipients then reject the message. Hope they can pull it off!
>
> Thanks for your help!
>
> Denis
>
Do all of your valid "senders" originate from your owned IPs? Or do they
send from anyplace? If the prior, block everything in an .htaccess file
except your IPs.
Another option is using Mailman for these lists. It takes a little time
to set up the list initially, but after that, it's fairly simple to
maintain a bunch of these. At that point, you can require the owner of
the list to be required to moderate every email that passes through the
list. It might help you narrow down where they're coming from, and at
the very least, prevent them from going out of your servers.
Steve Campbell
More information about the MailScanner
mailing list