Not allowing quantities of mails from gmail...

dioxido_ironport · ‎04-25-2007

Im having a big problem.....some jerk is sending a lot of spam mail to my domain....the mails come from @gmail.com and always the mail is sent to 10 or 15 people from my domain(each mail that limit).
If a mail with more than 6 recipients @mydomain.com comes, i want it to go to quarantine for example or drop.

Is there any way to put a limit to all the emails from @gmail.com to the number of recipients to my domain?
For example i want that all the emails from @gmail.com cant be sent to more than 5 people to my domain.
This guy knows a lot of people of my enterprise from where im working and is sending lots of mails to a lot of people, he had once the entire list of users in my enterprise.
Thank you!!!

jaigill · ‎04-25-2007

You can choose to quarantine messages from 'gmail.com' if the message has more than 5 recipients via the following message filter:

quarantine_high_rcpt:
if ((rcpt-count >5) AND ((mail-from == '(?i)@gmail\\.com$') OR (header("From") == '(?i)@gmail\\.com$'))) {
quarantine("Policy");
}

Make sure that the 'if' statement has no line breaks when you attempt to add this filter.

Hope this helps!!

dioxido_ironport · ‎04-26-2007

Im too noob to add those lines :S
I ve searched into the Incoming content filters but i dont have any option to put those in the way you told me
How can i add those? Im starting managing this appliance since a couple of weeks, please be patient :P Thx!

jaigill · ‎04-26-2007

Take a look at knowledgebase "answer id 275".

dioxido_ironport · ‎04-27-2007

Thanx man, i should start using that tool called KNOWLEDGBASE LOL
Thank you very much!

EDIT: i did what you said and nothing :( the rule is active, i had commited the rule but still mails from @gmail.com with more than 5 recipients in the email comes and are delivered.

dioxido_ironport · ‎04-27-2007

I know what this wont work with GMAIL.....if i send a mail to my domain via gmail with 5 recipients...gmails sends 5 different mails with 1 recipient each to my domain.....

in hotmail this works, hotmail send 1 mail with the 5 recipients inside, but gmail instead of mail 1 mail with 5 recipients....they send me 5 connections with 1 recipient each one! How can i stop this now ?:(

davidl_ironport · ‎04-28-2007

Take a look at how throttle works. You can reduce anything to anyone.
For example : 1 IP, 1 connection, 1 mail, for an hour...

Create a mail flow policy with it.

dioxido_ironport · ‎04-30-2007

Nevermind...thanx anyway...its impossible to do that you said...lots of valid gmail mails with 1 recipient comes by hour, if i do that i will be hang here at work :P
Thank anyway!!

steven_geerts · ‎05-21-2007

Im having a big problem.....some jerk is sending a lot of spam mail to my domain....the mails come from @gmail.com and always the mail is sent to 10 or 15 people from my domain(each mail that limit).

How did you find out this if Gmail is sending one rcpt per message they send out?

Perhaps you spammer just uses the gmail.com domain as sending domain and is not sending the spam to you using the Gmail mail servers. (This is very common for spam senders).
In that case your rule might work as expected, you could even think of "sharpening the rule" by setting it to quarantine all messages from Gmail with more that one rcpt

regards Steven