On Fri, Apr 13, 2007 at 10:17:51PM -0400, Paolo Supino wrote:
> Hi Bob
>
> The webapp does talk to a real mail server: on localhost (IIS6 SMTP
> service). When a spammer abuses the webapp the email is actually sent
> via the local mail server and not directly from the webapp to all the
> mail servers on the Internet. Rate limiting isn't an option because
> emails must be out the door within a very short time frame from the
> moment a set of events is triggered in the webapp.
> Right now the only way I can think of is to limit the SMTP service to
> connect only to authorized remote SMTP servers that I will manage
> manually (I'm in the process of checking how often I would have to
> change the list to see if it's feasible). You wrote that I can do it
> with spamd, how?
> Another option I thought of is setting up a sendmail relay on another
> computer and let that sendmail only relay specific emails according to a
> set of criteria (that fit only valid emails).

You are going about this all wrong. First step is finding a suitable
blunt instrument and getting the developers to fix it. The second step
is configuring rate limiting, along the lines of '1000 mails/hour'; this
will allow a large batch of e-mail to get through immediately, but stop
spammers.

What you're planning now is both less effective and way more work.

		Joachim
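
An added example, not part of the original message: a sliding-window quota showing how a '1000 mails/hour' limit passes a large batch immediately while capping sustained abuse. The class and function names, the sliding-window reading of the limit, and the sample traffic are assumptions made for illustration.

```python
from collections import deque


class HourlyQuota:
    """Sliding-window limiter: at most `limit` messages in any `window` seconds."""

    def __init__(self, limit=1000, window=3600.0):
        self.limit = limit
        self.window = window
        self.sent = deque()  # timestamps of accepted messages, oldest first

    def _expire(self, now):
        # Forget messages that have aged out of the window.
        while self.sent and now - self.sent[0] >= self.window:
            self.sent.popleft()

    def allow(self, now):
        """Record and accept the message if the quota has room, else refuse."""
        self._expire(now)
        if len(self.sent) >= self.limit:
            return False
        self.sent.append(now)
        return True

    def retry_after(self, now):
        """Seconds until the next message would be accepted (0.0 if now)."""
        self._expire(now)
        if len(self.sent) < self.limit:
            return 0.0
        return self.sent[0] + self.window - now


def simulate(events, limit=1000, window=3600.0):
    """events: (timestamp, message_count) pairs in time order.
    Returns (timestamp, accepted, deferred) per event."""
    quota = HourlyQuota(limit, window)
    results = []
    for ts, count in events:
        accepted = sum(1 for _ in range(count) if quota.allow(ts))
        results.append((ts, accepted, count - accepted))
    return results


# Constructed traffic: a 400-message batch, a 5000-message abuse run one
# minute later, then further batches at 30, 60 and 61 minutes.
SAMPLE = [(0.0, 400), (60.0, 5000), (1800.0, 50), (3600.0, 300), (3660.0, 700)]
```

In the sample the 400-message batch leaves at once and the abuse run is cut to 600, but the batch at 30 minutes is held back because the abuse run already used up the hour's quota.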