When dealing with web-based submission, the best thing I have found is
to make sure the web-based submission adds its own headers, like what it
is and where the user came from and such, so when diagnosing the problem
one can easily block based on that information. If there is an account
involved, you should include that info as well.

If you're really cracking this nut properly, you'd include heuristics
to temporarily block if too many messages are sent in a given time period,
and permanently block pending review if too many temporary blocks occur
within a given time period.

Thanks,
-- 
Todd Fries .. t...@fries.net

 _____________________________________________
|                                             \  1.636.410.0632 (voice)
| Free Daemon Consulting, LLC                 \  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com             \  1.866.792.3418 (FAX)
| "..in support of free software solutions."  \          250797 (FWD)
|                                             \
 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
                                                 
              37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
                        http://todd.fries.net/pgp.txt

Penned by Uwe Dippel on 20090410  9:42.21, we have:
> I'm running postfix as MTA on a machine with several CMS, on a chrooted 
> Apache.  Recently, there is a huge number of spam being sent from there, 
> alas. When I scan the postfix-logs, all those come from 'root', meaning 
> they don't come through port 25. I run OpenBSD with mini-sendmail, and now 
> I wonder how I could find out from which CMS they are sent. Is there any 
> chance to find out from which CMS they are sent?
>
> Thanks,
>
> Uwe
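
The escalation heuristic described in the reply above (temporary block when too many messages are sent in a period, permanent block pending review when too many temporary blocks occur), as an added Python example that is not part of the original thread. The class name, the `cms-name/account` key format and all thresholds are assumptions.

```python
from collections import defaultdict, deque

class SubmissionThrottle:
    """Escalating throttle for a web-to-mail gateway (hypothetical helper).

    key identifies the submitter, e.g. "cms-name/account" taken from the
    headers the web form adds. All thresholds are assumed example values.
    """
    def __init__(self, max_msgs=20, msg_window=600, temp_block=900,
                 max_temp_blocks=3, block_window=86400):
        self.max_msgs, self.msg_window = max_msgs, msg_window
        self.temp_block = temp_block
        self.max_temp_blocks, self.block_window = max_temp_blocks, block_window
        self.sent = defaultdict(deque)    # key -> times of accepted messages
        self.blocks = defaultdict(deque)  # key -> times temporary blocks began
        self.blocked_until = {}           # key -> end of current temporary block
        self.held = set()                 # keys blocked pending manual review

    @staticmethod
    def _prune(times, cutoff):
        while times and times[0] <= cutoff:
            times.popleft()

    def check(self, key, now):
        """Return 'accept', 'temp_block' or 'held' for one submission."""
        if key in self.held:
            return "held"
        if now < self.blocked_until.get(key, 0):
            return "temp_block"
        sent = self.sent[key]
        self._prune(sent, now - self.msg_window)
        if len(sent) < self.max_msgs:
            sent.append(now)
            return "accept"
        # Rate exceeded: record a new temporary block, escalate if repeated.
        blocks = self.blocks[key]
        self._prune(blocks, now - self.block_window)
        blocks.append(now)
        if len(blocks) >= self.max_temp_blocks:
            self.held.add(key)
            return "held"
        self.blocked_until[key] = now + self.temp_block
        return "temp_block"

    def release(self, key):
        """Called after review: clear the hold and the block history."""
        self.held.discard(key)
        self.blocks.pop(key, None)
        self.blocked_until.pop(key, None)
```

Call `check()` with a timestamp in seconds before handing each message to the MTA; a key that reaches `held` stays blocked until `release()` is called.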
