On Mon, 1 Jul 1996, Mark Murray wrote:
> Sure there is a lot of risk - this is a root/postmaster-only operation.
I know. But postmasters are not all perfect. :-)
I would rather, for such extreme cases, use a scheme where one script
produces a list of messages to be killed so that a human could vet it
before actually going ahead.
> We are suffering from a group of spammers called kOS, and they inject
> LARGE (1000+) number of mail items into our (and others' machines) at
> a time.
Always from the same place? Can you not block that? Exim can also block
on senders (see sender_reject).
Also, have you realized that you can have a system filter file with
Exim, which every message addressed to a local domain is passed through?
If the rules available in the filter are powerful enough for you, you
might be able to do things that way. Set up a first director something
like
systemfilter:
driver = forwardfile;
filter,
file = /etc/system/mailfilter
and make sure that you don't do any "significant" deliveries in the
filter file for messages that are OK. Of course, this isn't helpful if
the spam is addressed to non-local domains.
> The only way to kill them now is with a creative "find/grep". It would be
> nice if the MTA would cooperate :-)
The MTA-writer is eager to be helpful... :-)
--
Philip Hazel University Computing Service,
ph10@??? New Museums Site, Cambridge CB2 3QG,
P.Hazel@??? England. Phone: +44 1223 334714
