Phil (Sphinx) wrote on Sun, 28 May 2006 20:49:41 +0200:

> I don't think they do not appear... because when I test it myself, with 
> the SARE Bcc rule, it seems to work :

The bcc is either stripped out or ignored by an MTA if it is in the header 
of a mail because it is useless there and can compromise privacy. The MTA 
doesn't use it for delivery. From the MTA side it gets only one RCPT TO 
after another, headers don't matter. If there are rules that check for the 
bcc they cater for those spammers/spam software who mistakenly add this 
header (and it doesn't get stripped before it reaches SA).

You will have to manage your restrictions mostly on the MTA side I guess 
and it very much depends on which way those spammers send the mail. And as 
a first I'd add some barrier in your "open source forge" management 
software so that getting an account isn't *that* easy. After that think 
about how they send mail, then you can determine which might be the best 
way to stop them. You will most likely need to rely on what your MTA 
offers you in terms of throttling connections, recipients and such. 
Another measure which can help in detecting abuse is monitoring the number 
of processes and the mail queue (outgoing spam typically increases the 
queue quite a bit because there are always addresses that don't exist and 
get resent over and over). Also, if you scan outgoing messages for spam 
this should take care of most of the outgoing spam. What you need is a 
strategy against spammer accounts, not an SA rule.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com



Reply via email to