Christian Rohmann:
> Hello postfix-users,
> 
> I'm looking for a way to limit the time or the number of messages an
> established smtp authenticated session can be used for. I already have
> rate limiting (anvil for anti-dos and policy delegation for maintaining
> a quota per hour) in place.
> But if I lock a (hacked) user account and prohibit further smtp auth
> logins, an established connection can still be used to send messages.

The policy protocol does not care if MAIL/RCPT commands are given
in different sessions, in the same session, or whether they are
given in parallel. Just set a proper quota and enforce it with the
policy protocol. Perhaps you can use fail2ban-like tools to update
the quota to zero after a serious violation.

        Wietse
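
A sketch of the approach described in the reply above, added here as an example and not code from the thread or from Postfix: the decision logic of a policy delegation service that counts recipients per `sasl_username` rather than per session, so setting a user's quota to zero takes effect on the next RCPT of an already established connection. The class and function names, the default quota, and the sample request are assumptions; the socket listener that smtpd would connect to is left out.

```python
import time
from collections import defaultdict, deque

WINDOW = 3600          # seconds; "quota per hour" as in the thread
DEFAULT_QUOTA = 100    # assumed default; pick your own

def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

class QuotaPolicy:
    def __init__(self):
        self.quota = defaultdict(lambda: DEFAULT_QUOTA)  # per sasl_username
        self.seen = defaultdict(deque)                   # accepted RCPT timestamps

    def set_quota(self, user, limit):
        """Hook for an external tool (e.g. a fail2ban action) to lock a user."""
        self.quota[user] = limit

    def decide(self, attrs, now=None):
        """Return the policy action for one request."""
        now = time.time() if now is None else now
        user = attrs.get("sasl_username", "")
        if attrs.get("protocol_state") != "RCPT" or not user:
            return "DUNNO"
        stamps = self.seen[user]
        while stamps and stamps[0] <= now - WINDOW:
            stamps.popleft()
        # Keyed on the user only: the session (instance) plays no part.
        if len(stamps) >= self.quota[user]:
            return "REJECT quota exceeded for " + user
        stamps.append(now)
        return "DUNNO"

def respond(policy, request_text, now=None):
    """Full reply as sent back to smtpd: action line plus empty line."""
    return "action=%s\n\n" % policy.decide(parse_request(request_text), now)

# Constructed sample request (not captured traffic).
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "instance=123.456.7\nsasl_username=alice\n"
          "sender=alice@example.com\nrecipient=bob@example.net\n\n")
```

Because the counter is keyed on the authenticated user, requests carrying different `instance` values for the same user draw on the same quota.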
