Quoting Jonathan Hunter (Thu, Oct 14, 1999 at 07:06:18PM +0100)
> I guess I should have defined the problem a little more clearly :)
>
> The machine will be sat on a subnet where there are also public-access (to
> students) Windows NT machines. I would like to be able to use it as a relay
> for project-related email (the machine is a server dedicated to this
> project) for a number of reasons, but there is the possibility that somebody
> could:
>
> a) discover that the machine is there (it's not widely advertised), and
> b) run a bulk-email program on a public machine, directing it towards this
> server.
>
> I don't think that is all that likely, but I did wonder how the larger ISPs
> (running Exim) prevented their dialups from running bulk emailers directed
> at the mail server.
>
> If there isn't a simple rule or way of detecting such large quantities of
> mail from one of a particular range of IP addresses, then it's not the end
> of the world; I would have turned this feature on if it was there, that's
> all. And as you say, "after the event" action can always be taken. I was
> just hoping that there was some way of detecting it as it was happening, or
> before it happened..

Do you run any kind of mailing lists on this server? If not, then you
can set a test that will freeze all mail with more than 10 recipients.
Then you can look at them and decide if they are spam or not.
Of course, you could set it up so that it accepts relay mail only from
a certain network, then ban anyone else from relaying through it.
--
Yann Golanski Internet Systems Developer
yann.golanski@??? The Planet Online
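
An added example, not part of the original messages: one way to spot a burst of mail from a single host on a given subnet by scanning Exim main-log arrival (`<=`) lines. It goes beyond the two rules suggested above; the subnet, the limit of 5 messages per minute, and the log lines are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Arrival lines look like: "<date> <time> <msg-id> <= <sender> H=... [<ip>] P=... S=..."
ARRIVAL = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ <= \S+ .*?\[([0-9a-fA-F.:]+)\]"
)

def find_bursts(lines, network, limit=5, window=timedelta(minutes=1)):
    """Return {ip: peak count} for hosts inside `network` that submitted
    more than `limit` messages within any sliding `window`."""
    net = ipaddress.ip_network(network)
    recent = defaultdict(deque)      # ip -> arrival times still inside the window
    flagged = {}
    for line in lines:
        m = ARRIVAL.match(line)
        if not m:                    # deliveries, local submissions, other log noise
            continue
        ip = ipaddress.ip_address(m.group(2))
        if ip not in net:            # only watch the public-access subnet
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:    # drop arrivals that fell out of the window
            q.popleft()
        if len(q) > limit:
            flagged[str(ip)] = max(flagged.get(str(ip), 0), len(q))
    return flagged

def _line(sec, n, ip):
    # Constructed sample line in Exim main-log format (not real log data).
    return (f"1999-10-14 19:00:{sec:02d} 11bk{n:02d}-0000aa-00 <= user@example.org "
            f"H=(pc) [{ip}] P=smtp S=2048")

SAMPLE = (
    [_line(1, 0, "192.0.2.7")]                                      # one normal message
    + [_line(2 + 5 * i, 1 + i, "192.0.2.33") for i in range(8)]     # 8 messages in 35 s
    + [_line(50, 20, "198.51.100.9")]                               # outside the subnet
    + ["1999-10-14 19:00:55 11bk30-0000aa-00 <= root@example.org U=root P=local S=512"]
)

if __name__ == "__main__":
    for ip, peak in find_bursts(SAMPLE, "192.0.2.0/24").items():
        print(f"{ip}: {peak} messages within one minute")
```
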