Anders writes:
How about using iptables and rate-limit? and log+reject the (uid) when exceeded?something like : -m state --state NEW -m recent --set -m state --state NEW -m recent --update --seconds 3600 --hitcount 100 -j NFLOG --nflog-prefix "SMTP count exceeded " -m state --state NEW -m recent --update --seconds 3600 --hitcount 100 -j REJECT
It's my impression that typical spamware would make an SMTP connection, then proceed and start spewing one message after another, on the same connection. Or, open multiple connections, in parallel, then proceed to pump out spam on all of them, simultaneously.
pgpnrWkCrDXHL.pgp
Description: PGP signature
------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58041391&iu=/4140/ostg.clktrk
_______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
