Phil (Sphinx) wrote on Sun, 28 May 2006 20:49:41 +0200: > I don't think they do not appear... because when I test it myself, with > the SARE Bcc rule, it seems to work :
The bcc is either stripped out or ignored by an MTA if it is in the header of a mail because it is useless there and can compromise privacy. The MTA doesn't use it for delivery. From the MTA side it gets only one RCPT TO after another, headers don't matter. If there are rules that check for the bcc they cater for those spammers/spam software who mistakenly add this header (and it doesn't get stripped before it reaches SA). You will have to manage your restrictions mostly on the MTA side I guess and it very much depends on which way those spammers send the mail. And as a first I'd add some barrier in your "open source forge" management software so that getting an account isn't *that* easy. After that think about how they send mail, then you can determine which might be the best way to stop them. You will most likely need to rely on what your MTA offers you in terms of throttling connections, recipients and such. Another measure which can help in detecting abuse is monitoring the number of processes and the mail queue (outgoing spam typically increases the queue quite a bit because there are always addresses that don't exist and get resent over and over). Also, if you scan outgoing messages for spam this should take care of most of the outgoing spam. What you need is a strategy against spammer accounts, not an SA rule. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com