Hi,<br><br><b><i>Ken Anderson <ka@pacific.net></i></b> wrote:<blockquote class="replbq" style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"> Jay Chandler wrote:<br>> Hugo van der Kooij wrote:<br>>> You need to block SMTP from anyone but acknowledged and well <br>>> controlled servers in your network.<br>> Ya think? :-)<br>> <br>> This has been done. Note that the way this particular instance took <br>> place was a user had a weak or leaked password, so the spammer came in <br>> through our webmail gateway. Flow control won't work on that machine, <br>> as it services hundreds of users. Neither will IP based restrictions. <br>> The only thing I can think of that would have caught this would have <br>> been measuring the volume-- they're forced to use their own email <br>> address, so after the first dozen messages, I'd have loved for something <br>> to have said "Wait a damned second
here..."<br></blockquote>This is exactly what you can do with sendmail (if you're using it).<br><br>Look here:<br><br>http://www.technoids.org/dossed.html<br><br>for how you can rate throttle and protect your SMTP from attacks from spammers.<br><br>Michael.<br><blockquote class="replbq" style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;">tail the log, watch the "relay=" and instead of the IP, capture the <br>"from=" if a message "is spam" from your webmail box and put that into <br>either an access "From:baduser@here.net Error 450 hold that spam" entry, <br>or a MailScanner rule that quarantines mail from that user and then <br>reloads MailScanner.<br><br>ossec (ossec.net) has 'active response' and might help with automating <br>this if you want something more robust and faster than a cron job <br>running a shell script. It's quite good, and its response is within <br>seconds, not minutes, but does need some tweaking for your
needs.<br><br>Ken Anderson<br>Pacific.Net<br></blockquote>
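<p>An added example, not part of the original messages: one way to do the per-sender volume check Jay asks for using the log fields Ken names ("relay=" and "from="), ending in sendmail access-map lines. The webmail hostname, the 60-second window and the sample log lines are constructed assumptions; the threshold of a dozen comes from Jay's message, and <code>ERROR:450</code> is the access-map spelling of the entry Ken quotes.</p>

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WEBMAIL_RELAY = "webmail.here.net"   # assumed hostname of the webmail gateway
THRESHOLD = 12                       # "after the first dozen messages"
WINDOW = timedelta(seconds=60)       # assumed burst window

# sendmail "from=" log line: timestamp, host, queue id, sender, ..., relay
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sendmail\[\d+\]: \w+: "
    r"from=<(?P<sender>[^>]*)>,.*\brelay=(?P<relay>\S+)")

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year; a fixed one is enough for time deltas
    ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
    return ts, m["sender"].lower(), m["relay"]

def find_bursts(lines, relay=WEBMAIL_RELAY, threshold=THRESHOLD, window=WINDOW):
    """Return senders with more than `threshold` messages via `relay` in `window`."""
    recent, flagged = defaultdict(deque), []
    for line in lines:
        rec = parse(line)
        if rec is None or rec[2] != relay or not rec[1]:
            continue                     # other relay, unparsable, or null sender
        ts, sender, _ = rec
        q = recent[sender]
        q.append(ts)
        while ts - q[0] > window:        # drop timestamps older than the window
            q.popleft()
        if len(q) > threshold and sender not in flagged:
            flagged.append(sender)
    return flagged

def access_entries(senders):
    """Lines for /etc/mail/access; rebuild the map with makemap afterwards."""
    return [f"From:{s}\tERROR:450 hold that spam" for s in senders]

def sample_log():
    """Constructed log: one burst, one slow sender, one burst via another relay."""
    fmt = ("Mar 14 10:{m:02d}:{s:02d} mail sendmail[4242]: q2EA{n:04d}: from=<{f}>, "
           "size=2048, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay={r} [192.0.2.10]")
    burst = [fmt.format(m=0, s=2 * i, n=i, f="baduser@here.net", r=WEBMAIL_RELAY) for i in range(15)]
    slow = [fmt.format(m=i, s=0, n=100 + i, f="alice@here.net", r=WEBMAIL_RELAY) for i in range(1, 15)]
    other = [fmt.format(m=20, s=i, n=200 + i, f="list@example.org", r="mx.example.org") for i in range(20)]
    return burst + slow + other

if __name__ == "__main__":
    print("\n".join(access_entries(find_bursts(sample_log()))))
```

A 450 entry defers the flagged sender's mail instead of bouncing it, so a wrongly flagged user loses nothing once the entry is removed.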