From: Gary Smith on
> I came across Policyd. It seems to follow a similar Perl script for rate
> limiting. Does that sound like a solution?

If it fits your needs, then yes.
From: Appliantologist on
On Wed, May 19, 2010 at 9:58 AM, Stan Hoeppner <stan(a)hardwarefreak.com> wrote:
> punit jain put forth on 5/19/2010 12:52 AM:
>
>> I am using Postfix as an MTA but I see nowadays a lot of spam going out of my
>> system. I have used transport based throttling for a domain but I am looking
>> for options for per sender based rate limiting. Can I achieve per user based
>> throttling using postfix or do I have to use some 3rd party software?
>
> Throttling is not the solution to fight spam originating within your
> network.  If you know who is doing it, boot him.  If you don't, identify who
> it is, then boot him.  Period.  Why are you playing paddy cakes with a
> spammer on your network?
>
> If this spam is due to php/sql injection, fix/patch or eliminate the hole
> that is being exploited instead of trying to throttle it.

Stan,

I've seen everything set up per the documents and all the online tests
showing that I'm not an open relay. I have no need for external
sendmail and I've used all the proper configs and all the suggestions
on the list, and I still get some guy with watches for sale who can
send mail anyway. When I asked on the list, I was told to post my logs
etc, which would be very handy for a spammer probably reading this
list.

What I would like to do is block all sendmail to any address other
than those in the virtual file and those originating from localhost. I
have no legitimate users that should be able to send anything from the
machine.

I figured it'd be pretty easy, say have some file like used in the
various popauth schemes. If the IP address of the connection is not in
the list, NO relay. It wasn't. Strict 822RFC is set and it doesn't
stop the guy from sending from <>

best

From: Noel Jones on
On 5/21/2010 3:32 PM, Appliantologist wrote:
> On Wed, May 19, 2010 at 9:58 AM, Stan Hoeppner<stan(a)hardwarefreak.com> wrote:
>> punit jain put forth on 5/19/2010 12:52 AM:
>>
>>> I am using Postfix as an MTA but I see nowadays a lot of spam going out of my
>>> system. I have used transport based throttling for a domain but I am looking
>>> for options for per sender based rate limiting. Can I achieve per user based
>>> throttling using postfix or do I have to use some 3rd party software?
>>
>> Throttling is not the solution to fight spam originating within your
>> network. If you know who is doing it, boot him. If you don't, identify who
>> it is, then boot him. Period. Why are you playing paddy cakes with a
>> spammer on your network?
>>
>> If this spam is due to php/sql injection, fix/patch or eliminate the hole
>> that is being exploited instead of trying to throttle it.
>
> Stan,
>
> I've seen everything set up per the documents and all the online tests
> showing that I'm not an open relay. I have no need for external
> sendmail and I've used all the proper configs and all the suggestions
> on the list, and I still get some guy with watches for sale who can
> send mail anyway. When I asked on the list, I was told to post my logs
> etc, which would be very handy for a spammer probably reading this
> list.

The spammer is already using your machine; showing us your
logs and config can't make it worse.

Without proper evidence of the problem we can't help you further.

-- Noel Jones

From: Gary Smith on
> I've seen everything set up per the documents and all the online tests
> showing that I'm not an open relay. I have no need for external
> sendmail and I've used all the proper configs and all the suggestions
> on the list, and I still get some guy with watches for sale who can
> send mail anyway. When I asked on the list, I was told to post my logs
> etc, which would be very handy for a spammer probably reading this
> list.

Filter out your IPs and replace them with "x.x.x.x". I believe that was mentioned several times. Then filter out the recipient domain names, replace them with example.com. Then filter out any other internal stuff that will identify the machine.

Now, with filter, it doesn't mean remove each line you think is irrelevant, it means replacing it with meaningless data that can still be used to identify the original intent.

Providing this information doesn't help the spammers at all.

>
> What I would like to do is block all sendmail to any address other
> than those in the virtual file and those originating from localhost. I
> have no legitimate users that should be able to send anything from the
> machine.
>

Email is originating from that machine somehow. It could be an act of religion or magic. As such, the best thing to do in that case is for us to guess, at best.

> I figured it'd be pretty easy, say have some file like used in the
> various popauth schemes. If the IP address of the connection is not in
> the list, NO relay. It wasn't. Strict 822RFC is set and it doesn't
> stop the guy from sending from <>

Still, there is little people on this list can do to help you without the additional information.
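
The redaction described in this post, as an added example that is not part of the original thread: a Python filter that swaps identifying values in Postfix log lines for placeholders while keeping every line, queue ID and the null sender `<>` intact. It goes slightly beyond the post by numbering the placeholders (`x.x.x.1`, `h1.example.com`) so list readers can still tell two clients apart; the sample log, the `mailhost` label and the choice to keep loopback addresses are assumptions.

```python
import re

# Constructed sample lines in Postfix syslog format (not taken from the thread).
SAMPLE_LOG = """\
May 21 23:10:02 mx1 postfix/smtpd[4121]: connect from unknown[203.0.113.45]
May 21 23:10:03 mx1 postfix/smtpd[4121]: 9F2C41A03: client=unknown[203.0.113.45]
May 21 23:10:03 mx1 postfix/qmgr[988]: 9F2C41A03: from=<>, size=2114, nrcpt=1 (queue active)
May 21 23:10:05 mx1 postfix/smtp[4130]: 9F2C41A03: to=<bob@customer-site.net>, relay=mail.customer-site.net[198.51.100.7]:25, status=sent (250 OK)
May 21 23:11:40 mx1 postfix/smtpd[4140]: connect from localhost[127.0.0.1]
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Dotted name ending in an alphabetic TLD; never matches a bare IPv4 address.
HOSTNAME = re.compile(r"\b[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}\b")
# Syslog header: month, day, time, then the logging machine's own name.
SYSLOG_HOST = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+")


def sanitize(log_text):
    """Return log_text with identifying values replaced by stable placeholders."""
    ips, hosts = {}, {}

    def ip_sub(match):
        ip = match.group(0)
        if ip.startswith("127."):
            return ip  # loopback identifies nobody and shows local submission
        return "x.x.x.%d" % ips.setdefault(ip, len(ips) + 1)

    def host_sub(match):
        name = match.group(0).lower()
        return "h%d.example.com" % hosts.setdefault(name, len(hosts) + 1)

    out = []
    for line in log_text.splitlines():
        line = SYSLOG_HOST.sub(r"\1 mailhost", line)  # hide the machine's name
        line = HOSTNAME.sub(host_sub, line)           # domains and relay hosts
        line = IPV4.sub(ip_sub, line)                 # remote addresses
        out.append(line)  # lines are rewritten, never dropped
    return "\n".join(out)


if __name__ == "__main__":
    print(sanitize(SAMPLE_LOG))
```

Review the output by eye before posting; local parts of addresses and free-text status strings are left untouched here.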

From: brian moore on
On Fri, 21 May 2010 23:32:27 +0300
Appliantologist <octobit(a)gmail.com> wrote:

> I figured it'd be pretty easy, say have some file like used in the
> various popauth schemes. If the IP address of the connection is not in
> the list, NO relay. It wasn't. Strict 822RFC is set and it doesn't
> stop the guy from sending from <>

Strict RFC821, you mean: 'MAIL FROM:<>' is SMTP and therefore part
of RFC821. As for strictness, RFC821 is poorly worded, but the intent
(clarified in 2821) is that MAIL FROM:<> is legitimate and, in fact,
mandatory for DSNs.

See example 7 in RFC821.

RFC822 has to do with mail headers, not SMTP.