Rate Limiting
in [Postfix]
|
Prev: reject_unverified_sender in postfix woud like to over ride withemail address
Next: Disable Connection Cache for local filters
From: Gary Smith on 20 May 2010 02:47 > I came across Policyd. It seems to follow similar Perl script for rate > limiting. Does that sound like a solution ? If it fits your needs, then yes.
From: Appliantologist on 21 May 2010 16:32 On Wed, May 19, 2010 at 9:58 AM, Stan Hoeppner <stan(a)hardwarefreak.com> wrote: > punit jain put forth on 5/19/2010 12:52 AM: > >> I am using Postfix as an MTA but I see nowadays lot of spam going out of my >> system. I have used transport based throttling for a domain but I am looking >> for options for per sender based rate limiting. Can I achieve per user based >> throttling using postfix or I have to use some 3rd party software ? > > Throttling is not the solution to fight spam originating within your > network. If you know who is doing it, boot him. If you don't, identify who > it is, then boot him. Period. Why are you playing paddy cakes with a > spammer on your network? > > If this spam is due to php/sql injection, fix/patch or eliminate the hole > that is being exploited instead of trying to throttle it. Stan, I've seen everything set up per the documents and all the online tests showing that i'm not an open relay. I have no need for external sendmail and I've used all the proper configs and all the suggestions on the list, and I still get some guy with watches for sale who can send mail anyway. When I asked on the list, I was told post my logs etc, which would be very handy for a spammer probably reading this list. What I would like to due is block all sendmail to any address other than those in the virtual file and those originating from localhost. I have no legitimate users that should be able to send anything from the machine. I figured it's be pretty easy, say have some file like used in the various popauth schemes. If the IP address of the connection in not in the list, NO relay. It wasn't. Strict 822RFC is set and it doesn't stop the guy from sending from <> best
From: Noel Jones on 21 May 2010 16:52 On 5/21/2010 3:32 PM, Appliantologist wrote: > On Wed, May 19, 2010 at 9:58 AM, Stan Hoeppner<stan(a)hardwarefreak.com> wrote: >> punit jain put forth on 5/19/2010 12:52 AM: >> >>> I am using Postfix as an MTA but I see nowadays lot of spam going out of my >>> system. I have used transport based throttling for a domain but I am looking >>> for options for per sender based rate limiting. Can I achieve per user based >>> throttling using postfix or I have to use some 3rd party software ? >> >> Throttling is not the solution to fight spam originating within your >> network. If you know who is doing it, boot him. If you don't, identify who >> it is, then boot him. Period. Why are you playing paddy cakes with a >> spammer on your network? >> >> If this spam is due to php/sql injection, fix/patch or eliminate the hole >> that is being exploited instead of trying to throttle it. > > Stan, > > I've seen everything set up per the documents and all the online tests > showing that i'm not an open relay. I have no need for external > sendmail and I've used all the proper configs and all the suggestions > on the list, and I still get some guy with watches for sale who can > send mail anyway. When I asked on the list, I was told post my logs > etc, which would be very handy for a spammer probably reading this > list. The spammer is already using your machine; showing us your logs and config can't make it worse. Without proper evidence of the problem we can't help you further. -- Noel Jones
From: Gary Smith on 21 May 2010 17:37 > I've seen everything set up per the documents and all the online tests > showing that i'm not an open relay. I have no need for external > sendmail and I've used all the proper configs and all the suggestions > on the list, and I still get some guy with watches for sale who can > send mail anyway. When I asked on the list, I was told post my logs > etc, which would be very handy for a spammer probably reading this > list. Filter out your IP's and replace them with "x.x.x.x". I believe that was mentioned several times. Then filter out the recipient domain names, replace it with example.com. Then filter out any other internal stuff that will identify the machine. Now, with filter, it doesn't mean remove each line you think is irrelevant, it means replacing it with meaningless data that can still be used to identify the original intent. Providing this information doesn't help the spammers at all. > > What I would like to due is block all sendmail to any address other > than those in the virtual file and those originating from localhost. I > have no legitimate users that should be able to send anything from the > machine. > Email is originating from that machine somehow. It could be an act of religion or magic. As such, the best thing to do in that case is for us to guess, at best. > I figured it's be pretty easy, say have some file like used in the > various popauth schemes. If the IP address of the connection in not in > the list, NO relay. It wasn't. Strict 822RFC is set and it doesn't > stop the guy from sending from <> Still, there is little people on this list can do to help you without the additional information.
From: brian moore on 21 May 2010 18:04
On Fri, 21 May 2010 23:32:27 +0300 Appliantologist <octobit(a)gmail.com> wrote: > I figured it's be pretty easy, say have some file like used in the > various popauth schemes. If the IP address of the connection in not in > the list, NO relay. It wasn't. Strict 822RFC is set and it doesn't > stop the guy from sending from <> Strict RFC821, you mean: 'MAIL FROM:<>' is SMTP and therefore part of RFC821. As for strictness, RFC821 is poorly worded, but the intent (clarified in 2821) is that MAIL FROM:<> is legitimate and, in fact, mandatory for DSN's. See example 7 in RFC821. RFC822 has to do with mail headers, not SMTP. |