From: punit jain on
Hi ,

I am using Postfix as an MTA but I see nowadays lot of spam going out of my
system. I have used transport based throttling for a domain but I am looking
for options for per sender based rate limiting. Can I achieve per user based
throttling using postfix or I have to use some 3rd party software ?

If no what rate limiting software can I use to achieve this.

Thanks,
Punit
From: Ashwin Muni on
On Wed, May 19, 2010 at 11:22 AM, punit jain <contactpunitjain(a)gmail.com>wrote:

> Hi ,
>
> I am using Postfix as an MTA but I see nowadays lot of spam going out of my
> system. I have used transport based throttling for a domain but I am looking
> for options for per sender based rate limiting. Can I achieve per user based
> throttling using postfix or I have to use some 3rd party software ?
>
> If no what rate limiting software can I use to achieve this.
>
> Thanks,
> Punit
>


You can use Milters to attain the desired result. You can also refer

http://www.postfix.org/rate.html which great to start off with

--
Ashwin
From: Stan Hoeppner on
punit jain put forth on 5/19/2010 12:52 AM:

> I am using Postfix as an MTA but I see nowadays lot of spam going out of my
> system. I have used transport based throttling for a domain but I am looking
> for options for per sender based rate limiting. Can I achieve per user based
> throttling using postfix or I have to use some 3rd party software ?

Throttling is not the solution to fight spam originating within your
network. If you know who is doing it, boot him. If you don't, identify who
it is, then boot him. Period. Why are you playing paddy cakes with a
spammer on your network?

If this spam is due to php/sql injection, fix/patch or eliminate the hole
that is being exploited instead of trying to throttle it.

--
Stan

From: Punit Jain on

> Throttling is not the solution to fight spam originating within your
network. If you know who is doing it, boot him. If you don't, identify
who it is, then boot him. Period. Why are you playing paddy cakes with a
spammer on your network?

Its not user on my network, rather a stolen password which spammer used to authenticate and spam. Worst part is by the time I came to know there were already 20,000 messages in the Queue, harm was already done. I feel using rate limiting would help prevent that.

From: Stan Hoeppner on
Punit Jain put forth on 5/19/2010 4:19 AM:
>
>> Throttling is not the solution to fight spam originating within your
> network. If you know who is doing it, boot him. If you don't, identify
> who it is, then boot him. Period. Why are you playing paddy cakes with a
> spammer on your network?
>
> Its not user on my network, rather a stolen password which spammer used to authenticate and spam. Worst part is by the time I came to know there were already 20,000 messages in the Queue, harm was already done. I feel using rate limiting would help prevent that.

Then just delete the 20K messages from the queue using postsuper within a
script and reset the password on the compromised account. There's an
example script in the postsuper man page for deleting all messages in the
queue addressed to a given recipient. You should be able to easily modify
it to delete all messages from a given sender. Something like this maybe:

mailq | tail +2 | grep -v '^ *(' | awk 'BEGIN { RS = "" }
# $7=sender, $8=recipient1, $9=recipient2
{ if ($7 == "hacked-acct(a)yourdomain.com")
print $1 }
' | tr -d '*!' | postsuper -d -


--
Stan