We also have a problem to scan outgoing mail. It seems like a user on our server is making scripts to send out spam to a large list of AOL users in the "Cc" part that we are still trying to track them down. The mail header looks as it was sent from our local 127.0.0.1 from [EMAIL PROTECTED] user, so we can't block user or ip address.
I had considered the other's suggestion to use a wrapper for sendmail, but looking at the dependencies of /usr/sbin/sendmail, it seems like a lot of work to replace it with the wrapper as everyone knows the location of /usr/sbin/sendmail already. Is there a way in spamassassin that we can set a rule to reject mail that contains a large list of "Cc" ? On Tue, 1 Feb 2005 08:01:50 -0500 (EST), Tom Gwilt <[EMAIL PROTECTED]> wrote: > Well, for the past year or so I've been using a FreeBSD box running > postfix/amavisd/spamassassin. > > All outbound mail from our mx goes to this server and is scanned. Anything > scoring 14 or more is sent to a quarantine mailbox. > > This has saved my butt many, many times. Just yesterday, one of our cable > modem users computers was infected with a worm and spewed over 50,000 spam > messages that never made it out of our network. > > Now if I could only find a way to stop them before they hit the > mailserver... > > Tom >
