OT: how to block emails sent to too many recipients

[Steve Freegard]

Hi Denis,

On 20/12/10 14:42, Denis Beauchemin wrote:
>> -----Message d'origine-----
>> De : mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
>> bounces at lists.mailscanner.info] De la part de Steve Campbell
>> Envoyé : 20 décembre 2010 09:24
>> À : MailScanner discussion
>> Objet : Re: OT: how to block emails sent to too many recipients
>>
>> Another thought:
>>
>> If you can find a common IP from your apache logs, firewall that off. If the
>> sending IP is not one of those random IPs, add it to your access file.
>> Sometimes, you may need to add a few IPs if they're slightly random. If
>> they're truly random and spoofed, the access file won't help.
>>
>> Steve Campbell
>
> Unfortunately it comes from too many different IPs.
>
> The server is used to send big batches of emails (people with Outlook mailing lists, webmails, etc). That's why it is so difficult to take drastic measures like confMAX_RCPTS_PER_MESSAGE which applies to all users.
>
> All users of our webmail are authenticated. Don't know if some accounts were broken into or if there is some cookie hijacking going on...  I think we patched Horde last week (not my team's responsibility). We're asking the guys that maintain Horde to try to block them at the source: if from is not from our domain and there are more than 25 recipients then reject the message. Hope they can pull it off!
>
> Thanks for your help!

I know you guys are trialling BarricadeMX+ - not sure if you're running 
this mail through it yet; but you could stop this dead using it if you 
are, just enable the 'mail strict relay' option (Setup -> BarricadeMX in 
the Web GUI) which only allows messages to be relayed outbound if the 
envelope domain matches the domains that you have defined - everything 
else is denied relay and is rejected at SMTP time.

If you need any help; me or any of the rest of the team would be happy 
to help.

Kind regards,
Steve.