MailScanner to detect same sender with multiple incoming email
Muhammad Hazwan Bin Abdul Rahman
mhdhazwan at sains.com.my
Wed Aug 11 08:49:43 UTC 2021
I have a mail server that configured with mailscanner and spamaassassin.
Lately, I have received a kind of bot attack of email which the sender
send an email to multiple recipient( >100) in a short time.
One of my rule in spamassassin is to detect any sender in which is
sending to more then 20 person as high scoring spam value.
However, since the attack is a private 1 to 1 mail but many recipient
(im assuming the attacker using some kind of script), my rule cant hit
that behavior.
Im asking is there any other way in trying to catch this style of attack
using mailscanner and spamassassin?
Using Centos 7 as my OS.
Thanks
--
Regards,
Hazwan
More information about the MailScanner
mailing list