Vegard Svanberg:
[ Charset ISO-8859-1 converted... ]
> Hi,
>
> We have a few scripts in place to handle (outgoing) spam outbreaks.
>
> This works well, but we struggle a bit with one scenario where the
> username and password are in the wild, and the spammer connects to the
> email server and sends multiple emails through the same connection.
>
> Because even if we lock the account, the session is still active so they
> can spam until the connection is terminated.
>
> The same scenario occurs if a botnet has set up multiple connections,
> but the server is laggy or whatever so they've authenticated, but
> haven't gotten to the "DATA" part of the SMTP dialogue yet (BTW: some
> spambots appear to exhibit speculative behaviour here - as if they do
> this on purpose).
>
> So... what's the recommended approach here?
Use POSTFWD to enforce mail sending quotas.
Wietse
