On Thu, Mar 31, 2011 at 1:41 PM, Stan Hoeppner <s...@hardwarefreak.com>wrote:
> D G Teed put forth on 3/31/2011 10:21 AM: > > > I'd like some idea of what real world values would be useful, or > additional > > suggestions > > on how to make the performance less attractive to users of compromised > > accounts. > > When you find a reasonable and effective solution to the phishing > problem please share it with the rest of us. > > The only sure fire solution I'm currently aware of is mass executions of > stupid and/or ignorant people who have no business using a computer or > email. The obvious problem with this solution is it requires > exterminating well over half the human race, including many/most of my > family members. Not an appealing solution. > I think you misunderstood what I wrote. I listed actual postfix variables, looking for input on practical values. This isn't unreasonable to expect. I've implemented restrictions on our webmail's SMTP to the point that spammers login, send a few emails, find it doesn't work for large number of recipients and then logout. It works and I'm not dreaming. Horde developers have also set up limits which greatly discourage spamming. The only problem is we can't choke the number of recipients on our general SMTP. I was hoping for angles on rate limiting which normal users could live with but would be useless for spam. In the couple of responses so far, it seems it requires something external - too bad it requires more layers - I hoped it was within the capabilities of anvil and such. Actually, this conversation has me thinking, maybe we should have a dedicated SMTP just for external SMTP + TLS + SASL. That way I can do the same recipient limit throttling and tell people not to expect it will work for mass mail outs. --Donald
