MailScanner to detect same sender with multiple incoming email

Muhammad Hazwan Bin Abdul Rahman mhdhazwan at
Wed Aug 11 08:49:43 UTC 2021

I have a mail server that configured with mailscanner and spamaassassin. 
Lately, I have received a kind of bot attack of email which the sender 
send an email to multiple recipient( >100) in a short time.

One of my rule in spamassassin is to detect any sender in which is 
sending to more then 20 person as high scoring spam value.
However, since the attack is a private 1 to 1 mail but many recipient 
(im assuming the attacker using some kind of script), my rule cant hit 
that behavior.

Im asking is there any other way in trying to catch this style of attack 
using mailscanner and spamassassin?

Using Centos 7 as my OS.



More information about the MailScanner mailing list