On Jul 24, 2012, at 6:23 AM, Len Conrad wrote:

> At 04:16 PM 7/23/2012, you wrote:
>> Hello,
>>
>> Sorry for the broad question, but is there any sort of best common practice
>> these days regarding limiting outbound email? We recently had a customer's
>> account compromised (not sure if it was brute-forced or keylogged) and then
>> the perp proceeded to use their credentials to smtp-auth themselves a huge
>> load of vxxxxxa spam.
>>
>> I'd like to take some measures to limit what an authenticated sender can do
>> but not limit legitimate use. I assume this is not an uncommon scenario,
>> but pointers from those with more Postfix experience would be quite welcome.
>>
>> I do have amavis available for outbound virus scanning, and could
>> conceivably have it do the same with spam scanning but that feels not quite
>> right (and probably fairly resource intensive if someone was trying to cram
>> tens of thousands of messages through the system).
>>
>> Thanks,
>>
>> Charles
>
> I've been using postfwd.org for rate-limiting outbound senders, and inbound
> senders and IPs, plus lots of other inbound filtering, for 2+ years. It
> killed our horrible problem of cracked passwords.
If you could share some of the basics of that config, I'd love to see them. I
looked at that briefly before slogging through policyd/cluebringer, and a (very
quick) read of their intro page didn't make it obvious that you could track
per-user message counts.

Does anyone use the old non-perl policyd1? That looked like an easy setup, but
it's quite old.

For anyone interested, a very basic per-user (more specifically, per
authenticated user, which is the only kind of user I've got outside of web apps
submitting w/php) setup ended up being fairly easy to implement. The config is
all sql-based; I'd be more than happy to share a dump of the config I ended up
with. I have some doubts about how well it scales, and I've also added another
single point of failure to all inbound and outbound email, but it does what it
says it does.

The policy I set up basically matches all sasl-authenticated users and puts
them in a queue that limits them to 100 messages per hour. That's my starting
point; I'll probably adjust it at some point. For web applications, I'm going
to install ssmtp and configure that to send with a dedicated username which
will have its own limits.

Thanks,

Charles

> Len
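The per-authenticated-user limit described in the thread (postfwd or policyd/cluebringer counting messages per sasl_username and holding each user to 100 per hour) can be shown end to end with a small Postfix policy service. The following is an added example, not Charles's SQL config nor postfwd's own code: it implements the Postfix policy delegation protocol (attribute=value lines ending with an empty line, answered with `action=...`), keeps a sliding one-hour window of send times per sasl_username, and answers with a temporary 450 once a user exceeds the limit. The listening port 10040, the limit and window constants, and the sample request in the comments are assumptions chosen for the example.

```python
"""Per-user outbound rate limit as a Postfix policy service (added example).

Hypothetical stand-in for the postfwd / policyd setups discussed in the thread:
it speaks the Postfix policy delegation protocol and allows each
SASL-authenticated user at most LIMIT messages per WINDOW seconds, deferring
the rest with a 4xx so a compromised account cannot push tens of thousands of
messages through the submission service in one run.
"""
import socketserver
import threading
import time
from collections import defaultdict, deque

LIMIT = 100                      # messages per window per sasl_username (thread's starting point)
WINDOW = 3600                    # seconds
LISTEN = ("127.0.0.1", 10040)    # assumed port; must match check_policy_service in main.cf


def parse_policy_request(raw):
    """Parse one policy request into a dict.

    Postfix sends 'name=value' lines and terminates the request with an empty
    line; anything after that empty line belongs to the next request.
    """
    attrs = {}
    for line in raw.splitlines():
        if line == "":
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


class SaslRateLimiter:
    """Sliding-window counter keyed by sasl_username."""

    def __init__(self, limit=LIMIT, window=WINDOW, clock=time.monotonic):
        self.limit = limit
        self.window = window
        self.clock = clock                    # injectable so the logic can be tested offline
        self.history = defaultdict(deque)     # user -> timestamps of accepted messages
        self.lock = threading.Lock()

    def decide(self, attrs):
        """Return the Postfix action for one parsed request."""
        user = attrs.get("sasl_username", "")
        # Only authenticated submissions are counted; everything else is left to
        # the other restrictions in the chain (DUNNO = no opinion).
        if attrs.get("request") != "smtpd_access_policy" or not user:
            return "DUNNO"
        now = self.clock()
        with self.lock:
            sent = self.history[user]
            while sent and now - sent[0] >= self.window:
                sent.popleft()                # drop timestamps that fell out of the window
            if len(sent) >= self.limit:
                # Temporary failure: a legitimate MUA retries later, a bulk spam
                # run stalls. A deferred attempt is not counted against the user.
                return "450 4.7.1 Rate limit exceeded for %s, try again later" % user
            sent.append(now)
        return "DUNNO"


LIMITER = SaslRateLimiter()


class PolicyHandler(socketserver.StreamRequestHandler):
    """One client connection; Postfix may send several requests on it."""

    def handle(self):
        pending = []
        while True:
            line = self.rfile.readline()
            if not line:
                return                        # Postfix closed the connection
            line = line.decode("utf-8", "replace").rstrip("\r\n")
            if line:
                pending.append(line)
                continue
            # Empty line: one complete request, e.g. (constructed sample)
            #   request=smtpd_access_policy
            #   protocol_state=END-OF-MESSAGE
            #   sasl_username=alice
            attrs = parse_policy_request("\n".join(pending))
            pending = []
            action = LIMITER.decide(attrs)
            self.wfile.write(("action=%s\n\n" % action).encode("utf-8"))
            self.wfile.flush()


class PolicyServer(socketserver.ThreadingMixIn, socketserver.TCPServer):
    allow_reuse_address = True
    daemon_threads = True


if __name__ == "__main__":
    with PolicyServer(LISTEN, PolicyHandler) as server:
        server.serve_forever()
```

Wire it in with `check_policy_service inet:127.0.0.1:10040`. Put it in `smtpd_end_of_data_restrictions` to count messages; in `smtpd_recipient_restrictions` Postfix consults the service once per recipient, so the same code would then cap recipients per hour instead. The counters live in the memory of this one process, which is exactly the scaling and single-point-of-failure trade-off Charles mentions for his SQL-backed setup.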