> > I'm sending a copy to root@sfu.ca so that (a) vanepp probably gets it, > > and (b) if vanepp's mail is being stolen somehow that I can't see > > through VRFY and EXPN, the other roots there can deal with it. > > The cracker just wants to mailbomb vanepp. He's done it before, he'll > do it again. Just not from *my* site, if I have anything to say about > it. > > Does ANYBODY have any code that will limit the number of messages a > single user can send per day?? Or any other code to detect mail > bombs? Sending 5 identical messages to different addresses? (Or the > same address, for that matter..) oh that's grand, you want to hack telnet so that it checks the destination port and after x numbers of connects to a smtp port it sais "sorry, you can't send any more mail". a hell of a lot better solution is to get affected sites to install sendmail 8.6.9 because the brialliant crackers who are doing this are clearly too inept to spoof identd - i'm sure a 'helo user@host' will give them the willies and get them to lay off