[Esd-l] badtrans ad infinitum

[Andy Feldt]

Chris Parigger wrote (in part):
>  I/we have been flodded with Sircam back in July, whereby
> "overfloweth" resulted in my/our quarantine. Therefore,
>  the milder solution would perhaps be to blackhole (or bit-bucket
> into /dev/null) active email received at a 
>  set rate from certain sites (rather than blocking the whole site).

I have found only occasional specific usernames which flood my
quarantine file.  So I use a simple recipe to throw away all
mail from them for a short time (usually a day or two) while
I monitor the procmail log file to see if the flood has stopped.

The recipe is:

# special to zap the user at some.domain output for a while... 
:0
* ^From.*user at some.domain
/dev/null

and is placed in my local-rules.procmail file before any other rules.
This has the disadvantage that the particular remote user
cannot contact me during the blockade.  However, as long as
I watch the procmail log file carefully and remove this in
a timely fashion, it is quite effective.

Andy

---
Andy Feldt
Senior System Support Programmer
Adjunct Assistant Professor
Department of Physics and Astronomy
The University of Oklahoma