Hi,

We have a few scripts in place to handle (outgoing) spam outbreaks.

This works well, but we struggle a bit with one scenario where the
username and password are in the wild, and the spammer connects to the
email server and sends multiple emails through the same connection.

Because even if we lock the account, the session is still active so they
can spam until the connection is terminated.

The same scenario occurs if a botnet has set up multiple connections,
but the server is laggy or whatever so they've authenticated, but
haven't gotten to the "DATA" part of the SMTP dialogue yet (BTW: some
spambots appear to exhibit speculative behaviour here - as if they do
this on purpose).

So... what's the recommended approach here? 

Is there an easy way to tear down specific (by a particular user)
connections?

Thanks in advance.

-- 
Vegard Svanberg <veg...@svanberg.no> [*Takapa@IRC (EFnet)]