[qmailtoaster] how to control local infected users?

2008-07-31 Thread Natalio Gatti
Hello,
Yesterday, a local user was infected by a virus, and it started sending
thousands (100.000 approx.) of spam mails (it turned into a sort of
open relay). Each mail only included 4 or 5 recipients.
My qmail-toaster accepted them, because the user was using smtp-auth, and
the user didn't violate my chkusers policies.
How can I control such behaviour?

Natalio.


Re: [qmailtoaster] how to control local infected users?

2008-07-31 Thread Jake Vickers

Natalio Gatti wrote:

> Hello,
> Yesterday, a local user was infected by a virus, and it started sending
> thousands (100.000 approx.) of spam mails (it turned into a sort of
> open relay). Each mail only included 4 or 5 recipients.
> My qmail-toaster accepted them, because the user was using smtp-auth,
> and the user didn't violate my chkusers policies.
>
> How can I control such behaviour?



There isn't really a way to control this. If they're flooding the system
you could use a firewall rule to block them if they send more than x
number of emails in a 60 second span, but ultimately they will still
have the virus and need to be cleaned.






Re: [qmailtoaster] how to control local infected users?

2008-07-31 Thread Natalio Gatti
On Thu, Jul 31, 2008 at 10:23 AM, Jake Vickers [EMAIL PROTECTED] wrote:

> Natalio Gatti wrote:
>
>> Hello,
>> Yesterday, a local user was infected by a virus, and it started sending
>> thousands (100.000 approx.) of spam mails (it turned into a sort of
>> open relay). Each mail only included 4 or 5 recipients.
>> My qmail-toaster accepted them, because the user was using smtp-auth, and
>> the user didn't violate my chkusers policies.
>> How can I control such behaviour?
>
> There isn't really a way to control this. If they're flooding the system you
> could use a firewall rule to block them if they send more than x number of
> emails in a 60 second span, but ultimately they will still have the virus
> and need to be cleaned.


Of course!  The machine is already cleaned. But I just wanted to know which
preventive measures I should include to avoid future floodings.

Firewall via iptables was the first option, but this client comes from a
NATted network, so it is difficult to isolate him. I was thinking of something
like controlling particular users in chkuser.
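
Added example, not part of any post in this thread and not qmail-toaster or chkuser code: a sliding-window counter keyed on the SMTP-AUTH user rather than the source IP, which is the distinction the thread runs into with NATted clients. The record format, account names, addresses and the threshold of 30 messages per 60 seconds are all constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample records, NOT a real qmail/chkuser log format:
#   "<epoch-seconds> <smtp-auth user> <source ip> <recipient count>"
def build_sample():
    lines = []
    # Infected account: one message per second, 4 or 5 recipients each.
    for i in range(120):
        lines.append(f"{1000 + i} alice@example.com 203.0.113.10 {4 + i % 2}")
    # Healthy account behind the same NAT address: one message every 40 s.
    for i in range(3):
        lines.append(f"{1000 + 40 * i} bob@example.com 203.0.113.10 1")
    return lines

def parse(line):
    ts, user, ip, rcpts = line.split()
    return int(ts), user, ip, int(rcpts)

def users_per_ip(lines):
    """Map each source IP to the set of authenticated users seen behind it."""
    seen = defaultdict(set)
    for _, user, ip, _ in map(parse, lines):
        seen[ip].add(user)
    return dict(seen)

def find_flooders(lines, window=60, max_msgs=30):
    """Return {user: timestamp of the first message that pushed the user
    over max_msgs accepted messages within the last `window` seconds}."""
    recent = defaultdict(deque)   # per-user timestamps inside the window
    flagged = {}
    for ts, user, _, _ in sorted(parse(l) for l in lines):
        q = recent[user]
        q.append(ts)
        # Drop timestamps that have fallen out of the window.
        while q and q[0] <= ts - window:
            q.popleft()
        if len(q) > max_msgs and user not in flagged:
            flagged[user] = ts
    return flagged

if __name__ == "__main__":
    sample = build_sample()
    print("users behind each IP:", users_per_ip(sample))
    print("flagged accounts:", find_flooders(sample))
```

An IP-based rule would treat both accounts behind 203.0.113.10 as one sender, while the per-user count flags only the flooding account.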