Hi Joachim
I know that right now I'm mostly going at it in the wrong way but I
have to fix it quickly and without changing the infrastructure. I'm not
a windows or layer 7 person but rather a layer 1 to layer 4 in my
background, so I'm trying to find a solution in those layers. I work in
an environment where I'm told: Fix it without spending money ...
The webapp development was outsourced thus the developers aren't
local. Blunt objects aren't an option :-(
The legitimate email structure (subject and content) is pretty
limited and steady. Will sendmail + procmail to filter emails be a
solutions?
I will try to implement rate limiting.
TIA
Paolo
Joachim Schipper wrote:
On Fri, Apr 13, 2007 at 10:17:51PM -0400, Paolo Supino wrote:
Hi Bob
The webapp does talk to a real mail server: on localhost (IIS6 SMTP
service). When a spammers abuses the webapp the email is actually sent
via the local mail server and not directly from the webapp to all the
mail servers on the Internet. Rate limiting isn't an option because
emails must be out the door within a very short time frame from the
moment a set of events is triggered in the webapp.
Right now the only way I can think of is limit the SMTP service to
connect only to authorized remote SMTP servers that I will manage
manually (I'm in the process of checking how often I would have to
change the list to see if it's feasible). You wrote that I can do it
with spamd, how?
Another option I thought of is setting up a sendmail relay on another
computer and let that sendmail only relay specific emails according to a
set of criteria (that fit only valid emails).
You are going about this all wrong. First step is finding a suitable
blunt instrument and getting the developers to fix it. The second step
is configuring rate limiting, along the lines of '1000 mails/hour';
this will allow a large batch of e-mail to get through immediately, but
stop spammers. What you're planning now is both less effective and way
more work.
Joachim
