We also have a problem scanning outgoing mail. It seems like a user on our server is making scripts to send out spam to a large list of AOL users in the "Cc" part, and we are still trying to track them down. The mail header looks as if it was sent from our local 127.0.0.1 from [EMAIL PROTECTED] user, so we can't block the user or IP address.
Well, I'm not a network admin, but I play one on TV. Just kidding. I was a level 1 tech who dabbled on the mail server and was dangerous enough to be dangerous, but our maillog showed the IP of the mail session. This was sendmail.
If your mail server / logs do not have this capability, you need a more secure solution, IMHO.
I had considered the other's suggestion to use a wrapper for sendmail, but looking at the dependencies of /usr/sbin/sendmail, it seems like a lot of work to replace it with the wrapper as everyone knows the location of /usr/sbin/sendmail already.
Is there a way in SpamAssassin that we can set a rule to reject mail that contains a large list of "Cc"?
SpamAssassin will NOT reject anything anytime anywhere. No capability to do so.
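
An added example, not part of the thread or any poster's code: a Python scan of a sendmail maillog for locally submitted messages with a large recipient count, the pattern the thread describes. The log lines are constructed samples in sendmail's `from=... nrcpts=... relay=...` layout; the function names and the threshold of 50 are assumptions.

```python
import re

# Constructed sample maillog lines (not taken from the thread).
SAMPLE_LOG = """\
Mar  3 02:14:07 mx1 sendmail[4121]: n232E7aB004121: from=webuser, size=1820, class=0, nrcpts=180, msgid=<a1@mx1.example.org>, relay=webuser@localhost
Mar  3 02:14:09 mx1 sendmail[4130]: n232E9aB004130: from=<alice@example.org>, size=950, class=0, nrcpts=2, msgid=<a2@example.org>, proto=ESMTP, daemon=MTA, relay=mail.example.net [192.0.2.10]
Mar  3 02:15:30 mx1 sendmail[4188]: n232FUaB004188: from=<nobody@mx1.example.org>, size=1799, class=0, nrcpts=95, msgid=<a3@mx1.example.org>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Mar  3 02:16:02 mx1 sendmail[4201]: n232G2aB004201: from=bob, size=400, class=0, nrcpts=1, msgid=<a4@mx1.example.org>, relay=bob@localhost
"""

# One "from=" record per accepted message: queue id, envelope sender,
# recipient count and the relay the message arrived from.
FROM_LINE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): from=(?P<sender>[^,]*), .*?"
    r"nrcpts=(?P<nrcpts>\d+),.*?relay=(?P<relay>.+)$"
)

# Local submission: "user@localhost" (command-line sendmail) or an SMTP
# session over loopback ("localhost [127.0.0.1]").
LOCAL_RELAY = re.compile(r"(?:^|@)localhost(?:\s|$)|\[127\.0\.0\.1\]")


def flag_bulk_local(log_text, threshold=50):
    """Return local submissions whose recipient count is >= threshold."""
    hits = []
    for line in log_text.splitlines():
        m = FROM_LINE.search(line)
        if not m:
            continue  # not a "from=" record (e.g. a "to=" delivery line)
        nrcpts = int(m.group("nrcpts"))
        relay = m.group("relay").strip()
        if nrcpts >= threshold and LOCAL_RELAY.search(relay):
            hits.append({
                "qid": m.group("qid"),
                "sender": m.group("sender"),
                "nrcpts": nrcpts,
                "relay": relay,
            })
    return hits


if __name__ == "__main__":
    for hit in flag_bulk_local(SAMPLE_LOG):
        print(hit["qid"], hit["sender"], hit["nrcpts"], hit["relay"])
```

The queue id of each hit can then be used to pull the matching `to=` lines from the same log.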