EB wrote:
We also have a problem to scan outgoing mail. It seems like a user on our server is making scripts to send out spam to a large list of AOL users in the "Cc" part that we are still trying to track them down. The mail header looks as it was sent from our local 127.0.0.1 from [EMAIL PROTECTED] user, so we can't block user or ip address.
EB, if mails are originating from 127.0.0.1 and are being sent by [EMAIL PROTECTED] then this is really a matter of concern. It may not be necessary that one of your internal users is creating the problem for you, but it might be some script in your web application that is used to send mails or notifications to the end users and the spammers are exploiting that script.
I had considered the other's suggestion to use a wrapper for sendmail, but looking at the dependencies of /usr/sbin/sendmail, it seems like a lot of work to replace it with the wrapper as everyone knows the location of /usr/sbin/sendmail already.
Is there a way in spamassassin that we can set a rule to reject mail that contains a large list of "Cc" ?
This might be because one of your CGI scripts might be sending mails or notifications using the command line "sendmail", and spammers can easily pass parameters through the browser address bar and add a lot of Cc to the mail.
So apart from trying to block the spam originating from your server, try to trace down the CGI script. Look for a script that has sendmail in it; hopefully that might solve your problem. Also, using command line sendmail in a CGI script is really a bad idea; if you are using Perl then better use MIME::Lite or something like that to send mails and notifications.
--
Regards, Rakesh B. Pal
Emergic CleanMail Team.
Netcore Solutions Pvt. Ltd.
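One way to narrow down which local submissions carry the oversized recipient lists discussed in this thread, as an added example that is not part of the original messages: it scans mail log text for messages accepted from 127.0.0.1 whose recipient count exceeds a threshold. The sendmail-style `from=... nrcpts=... relay=...` log layout, the sample lines, the function names and the threshold of 20 are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in sendmail-style syslog format (not taken from the thread).
SAMPLE_LOG = """\
Mar  3 10:15:01 web1 sendmail[2101]: k23AF1aa002101: from=<apache@web1.example.org>, size=1840, class=0, nrcpts=1, msgid=<a1@web1.example.org>, relay=localhost [127.0.0.1]
Mar  3 10:15:09 web1 sendmail[2107]: k23AF9bb002107: from=<apache@web1.example.org>, size=2210, class=0, nrcpts=48, msgid=<a2@web1.example.org>, relay=localhost [127.0.0.1]
Mar  3 10:15:30 web1 sendmail[2113]: k23AFUcc002113: from=<alice@example.net>, size=5120, class=0, nrcpts=60, msgid=<a3@example.net>, relay=mx.example.net [192.0.2.10]
Mar  3 10:16:02 web1 sendmail[2120]: k23AG2dd002120: from=<apache@web1.example.org>, size=2195, class=0, nrcpts=52, msgid=<a4@web1.example.org>, relay=localhost [127.0.0.1]
Mar  3 10:16:05 web1 sendmail[2120]: k23AG2dd002120: to=<u1@example.com>, delay=00:00:03, mailer=esmtp, stat=Sent
"""

# Matches only the "from=" accounting line that the MTA writes once per message.
FROM_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ \S+\[\d+\]: (?P<qid>\w+): "
    r"from=(?P<sender>[^,]*),.*?\bnrcpts=(?P<nrcpts>\d+),.*?\brelay=(?P<relay>.*)$"
)

def is_local_relay(relay):
    """True when the message was handed over on the loopback interface."""
    relay = relay.strip()
    return "[127.0.0.1]" in relay or relay.endswith("@localhost")

def find_bulk_local(log_text, max_rcpts=20):
    """Return (timestamp, queue id, sender, nrcpts) for local mail over the limit."""
    hits = []
    for line in log_text.splitlines():
        m = FROM_LINE.match(line)
        if not m or not is_local_relay(m["relay"]):
            continue  # delivery lines and mail from remote relays are ignored
        nrcpts = int(m["nrcpts"])
        if nrcpts > max_rcpts:
            hits.append((m["ts"], m["qid"], m["sender"].strip("<>"), nrcpts))
    return hits

def summarize(hits):
    """Group flagged messages by envelope sender: sender -> (messages, recipients)."""
    totals = defaultdict(lambda: [0, 0])
    for _ts, _qid, sender, nrcpts in hits:
        totals[sender][0] += 1
        totals[sender][1] += nrcpts
    return {sender: tuple(counts) for sender, counts in totals.items()}

if __name__ == "__main__":
    flagged = find_bulk_local(SAMPLE_LOG)
    for ts, qid, sender, nrcpts in flagged:
        print(f"{ts}  {qid}  {sender}  nrcpts={nrcpts}")
    print(summarize(flagged))
```

The timestamps of flagged messages can then be compared with the web server's access log for the same seconds to find the request, and so the script, behind each submission.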