Rate Limiting
in [Postfix]
|
Prev: reject_unverified_sender in postfix woud like to over ride withemail address
Next: Disable Connection Cache for local filters
From: punit jain on 19 May 2010 01:52 Hi , I am using Postfix as an MTA but I see nowadays lot of spam going out of my system. I have used transport based throttling for a domain but I am looking for options for per sender based rate limiting. Can I achieve per user based throttling using postfix or I have to use some 3rd party software ? If no what rate limiting software can I use to achieve this. Thanks, Punit
From: Ashwin Muni on 19 May 2010 02:00 On Wed, May 19, 2010 at 11:22 AM, punit jain <contactpunitjain(a)gmail.com>wrote: > Hi , > > I am using Postfix as an MTA but I see nowadays lot of spam going out of my > system. I have used transport based throttling for a domain but I am looking > for options for per sender based rate limiting. Can I achieve per user based > throttling using postfix or I have to use some 3rd party software ? > > If no what rate limiting software can I use to achieve this. > > Thanks, > Punit > You can use Milters to attain the desired result. You can also refer http://www.postfix.org/rate.html which great to start off with -- Ashwin
From: Stan Hoeppner on 19 May 2010 02:58 punit jain put forth on 5/19/2010 12:52 AM: > I am using Postfix as an MTA but I see nowadays lot of spam going out of my > system. I have used transport based throttling for a domain but I am looking > for options for per sender based rate limiting. Can I achieve per user based > throttling using postfix or I have to use some 3rd party software ? Throttling is not the solution to fight spam originating within your network. If you know who is doing it, boot him. If you don't, identify who it is, then boot him. Period. Why are you playing paddy cakes with a spammer on your network? If this spam is due to php/sql injection, fix/patch or eliminate the hole that is being exploited instead of trying to throttle it. -- Stan
From: Punit Jain on 19 May 2010 05:19 > Throttling is not the solution to fight spam originating within your network. If you know who is doing it, boot him. If you don't, identify who it is, then boot him. Period. Why are you playing paddy cakes with a spammer on your network? Its not user on my network, rather a stolen password which spammer used to authenticate and spam. Worst part is by the time I came to know there were already 20,000 messages in the Queue, harm was already done. I feel using rate limiting would help prevent that.
From: Stan Hoeppner on 19 May 2010 06:33
Punit Jain put forth on 5/19/2010 4:19 AM: > >> Throttling is not the solution to fight spam originating within your > network. If you know who is doing it, boot him. If you don't, identify > who it is, then boot him. Period. Why are you playing paddy cakes with a > spammer on your network? > > Its not user on my network, rather a stolen password which spammer used to authenticate and spam. Worst part is by the time I came to know there were already 20,000 messages in the Queue, harm was already done. I feel using rate limiting would help prevent that. Then just delete the 20K messages from the queue using postsuper within a script and reset the password on the compromised account. There's an example script in the postsuper man page for deleting all messages in the queue addressed to a given recipient. You should be able to easily modify it to delete all messages from a given sender. Something like this maybe: mailq | tail +2 | grep -v '^ *(' | awk 'BEGIN { RS = "" } # $7=sender, $8=recipient1, $9=recipient2 { if ($7 == "hacked-acct(a)yourdomain.com") print $1 } ' | tr -d '*!' | postsuper -d - -- Stan |