OT: how to block emails sent to too many recipients
steve.freegard at fsl.com
Mon Dec 20 18:43:45 GMT 2010
On 20/12/10 14:42, Denis Beauchemin wrote:
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
>> bounces at lists.mailscanner.info] On Behalf Of Steve Campbell
>> Sent: 20 December 2010 09:24
>> To: MailScanner discussion
>> Subject: Re: OT: how to block emails sent to too many recipients
>> Another thought:
>> If you can find a common IP from your apache logs, firewall that off. If the
>> sending IP is not one of those random IPs, add it to your access file.
>> Sometimes, you may need to add a few IPs if they're slightly random. If
>> they're truly random and spoofed, the access file won't help.
>> Steve Campbell
> Unfortunately it comes from too many different IPs.
> The server is used to send big batches of emails (people with Outlook mailing lists, webmails, etc). That's why it is so difficult to take drastic measures like confMAX_RCPTS_PER_MESSAGE which applies to all users.
> All users of our webmail are authenticated. Don't know if some accounts were broken into or if there is some cookie hijacking going on... I think we patched Horde last week (not my team's responsibility). We're asking the guys that maintain Horde to try to block them at the source: if from is not from our domain and there are more than 25 recipients then reject the message. Hope they can pull it off!
> Thanks for your help!
I know you guys are trialling BarricadeMX+ - not sure if you're running
this mail through it yet; but you could stop this dead using it if you
are, just enable the 'mail strict relay' option (Setup -> BarricadeMX in
the Web GUI) which only allows messages to be relayed outbound if the
envelope domain matches the domains that you have defined - everything
else is denied relay and is rejected at SMTP time.
If you need any help; me or any of the rest of the team would be happy
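
An added example, not part of the original message and not BarricadeMX code: a Python sketch of the two envelope-level rules discussed in this thread, the strict relay check on the envelope sender domain and the softer "non-local sender with more than 25 recipients" rule. `LOCAL_DOMAINS`, the function names, and all addresses are assumptions constructed for illustration; applying the 25-recipient rule to the envelope sender and treating the null sender as non-local are also choices made for this example.

```python
# Added example: relay decisions made on SMTP envelope data only.
# LOCAL_DOMAINS and every address below are constructed for illustration.
LOCAL_DOMAINS = {"example.edu", "mail.example.edu"}  # assumed: domains we own
MAX_FOREIGN_RCPTS = 25  # threshold mentioned in the quoted message


def envelope_domain(mail_from):
    """Lower-cased domain of a MAIL FROM value, or None if null/malformed."""
    addr = mail_from.strip().strip("<>").strip()
    if addr.count("@") != 1:
        return None  # covers the null sender "<>" and junk input
    local, domain = addr.split("@")
    domain = domain.rstrip(".").lower()
    return domain if local and domain else None


def strict_relay(mail_from):
    """Relay outbound only when the envelope sender domain is one of ours."""
    if envelope_domain(mail_from) in LOCAL_DOMAINS:
        return True, "250 2.1.0 sender ok"
    return False, "550 5.7.1 relaying denied, sender domain not local"


def recipient_cap(mail_from, rcpts):
    """Softer rule: a non-local sender may not address more than 25 recipients."""
    distinct = {r.strip().strip("<>").lower() for r in rcpts}
    foreign = envelope_domain(mail_from) not in LOCAL_DOMAINS
    if foreign and len(distinct) > MAX_FOREIGN_RCPTS:
        return False, "550 5.7.1 too many recipients for non-local sender"
    return True, "250 2.1.5 recipients ok"


def sample_results():
    """Run both rules over constructed envelopes: (sender, n, strict, cap)."""
    bulk = ["user%d@other.example" % i for i in range(40)]
    envelopes = [
        ("<staff@Example.EDU>", bulk),       # local list owner, 40 recipients
        ("<promo@spam.example>", bulk),      # foreign sender, 40 recipients
        ("<promo@spam.example>", bulk[:3]),  # foreign sender, 3 recipients
        ("<>", bulk[:1]),                    # null sender
    ]
    return [(s, len(r), strict_relay(s)[0], recipient_cap(s, r)[0])
            for s, r in envelopes]


if __name__ == "__main__":
    for row in sample_results():
        print(row)
```

The third envelope shows the difference between the two rules: the recipient cap lets a small foreign-sender message through, while the strict relay check rejects it regardless of recipient count.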