On 30 Nov 2005 at 20:23, Marten Lehmann wrote about
"[exim] limiting messages send by ce":
| we are hosting websites of several thousand customers and a few of them
| are obviously using insecure formmail scripts. While it's impossible to
| get rid of all formmail-scripts, I'm thinking about a solution within
| the mta (exim) to limit the messages that may be sent within a certain
| period.
What I do is check the number of recipients per message, and
reject if it is over a very small number (3). The idea is that
web-form email is only intended to be sent to one or two recipients (e.g.
"submit this support question, and send me a copy").
verify = header_syntax is also very good at catching emails generated
by an abused formmail script. That's because such messages generally
have duplicate headers - the legitimate headers generated by the
script and the headers injected by the abuser.
|...
- Fred
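The two checks Fred describes, written out as Exim ACL configuration. This is an added illustration, not configuration posted in the thread; the ACL names, the limit of 3, the reply texts and the choice to apply the same rules in the non-SMTP ACL are assumptions. The non-SMTP ACL matters for the formmail case because PHP's mail() and most form scripts hand the message to the local sendmail binary rather than speaking SMTP, so acl_smtp_rcpt never sees them.

```exim
# Added example (not from the thread): Fred's two checks as Exim ACLs.
# ACL names, the limit of 3 and the reply texts are assumptions.

acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
acl_not_smtp  = acl_check_not_smtp   # messages injected locally via the sendmail binary

begin acl

acl_check_rcpt:
  # $rcpt_count includes the RCPT command currently being processed,
  # so the fourth recipient of a message is the first one refused.
  deny    message   = Too many recipients for this message (max 3)
          condition = ${if >{$rcpt_count}{3}}

  # Stand-in for the site's usual recipient verification.
  accept

acl_check_data:
  # Reject messages whose headers fail the syntax check. Duplicate
  # To:/Cc: headers injected through a form field are a typical
  # failure; $acl_verify_message carries the reason Exim found.
  deny    message   = Header syntax check failed: $acl_verify_message
         !verify    = header_syntax

  accept

acl_check_not_smtp:
  # Same two rules for messages submitted by local scripts (PHP mail(),
  # formmail via /usr/sbin/sendmail). $recipients_count is the total
  # number of envelope recipients of the message, since there is no
  # per-RCPT stage for non-SMTP input.
  deny    message   = Too many recipients for this message (max 3)
          condition = ${if >{$recipients_count}{3}}

  deny    message   = Header syntax check failed: $acl_verify_message
         !verify    = header_syntax

  accept
```

A rejected local submission shows up as an error from the sendmail binary and in Exim's main log, which is also where you would confirm that a given script is the one tripping the rule. Legitimate forms that fan out to a larger support alias will need the limit raised or an exemption keyed on the submitting user, and header_syntax will also refuse honestly malformed headers, so watch the reject log for a while before relying on it.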