Hello all,
Talking about the customer outgoing SMTP servers, where customers connect
and are forced to SMTPAuth before they can send mail out to the Internet.
We use LDAP for SMTPAuth verification.
Occasionally, a customer account is compromised, and used for sending large
volumes of spam.
We have a system in place that detects this, and immediately sets the LDAP
"accountStatus" to "disabled".
However, quite often the 3rd party involved uses software that can use
pipelining, and simply keeps sending mail, even though the SMTPAuth account
has been stopped.
Naturally, we can simply restart Postfix, thereby dropping all connections
and forcing SMTPAuth again. But this is rather undesirable, and unattractive.
Are there other solutions to consider?
Can we add something similar to "smtpd_client_restrictions" or
"smtpd_recipient_restrictions", adding a new rule entry which would
simply confirm that the "SMTPAuth LDAP 'user' used way back is still
accountStatus=enabled"?
Or can we set a maximum limit on the number of pipelined emails allowed, say
50, so that at least the spammers still get cut off, but we retain the
efficiency of pipelining?
Should we simply disable pipelining on the SMTP clusters? Customers
"probably" are not negatively affected by this setting.
--
Jorgen Lundman | <lund...@lundman.net>
Unix Administrator | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo | +81 (0)90-5578-8500 (cell)
Japan | +81 (0)3 -3375-1767 (home)
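
Added example, not part of the original post: the per-recipient account check asked about above, sketched as a Postfix policy delegation service that is called through check_policy_service in smtpd_recipient_restrictions and so runs for every RCPT TO, including those inside an already authenticated pipelined session. The ACCOUNT_STATUS table and its user names are constructed stand-ins for the LDAP "accountStatus" lookup, and the reply texts are assumptions.

```python
import sys

# Constructed stand-in for the directory. A real deployment would query the
# LDAP "accountStatus" attribute of the authenticated user here (assumption).
ACCOUNT_STATUS = {"alice": "enabled", "mallory": "disabled"}


def parse_request(lines):
    """Read one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in lines:
        line = line.rstrip("\r\n")
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def decide(attrs, lookup=ACCOUNT_STATUS.get):
    """Return the access(5) action for one RCPT TO of this session."""
    user = attrs.get("sasl_username", "")
    if not user:
        return "DUNNO"  # not an authenticated session; other rules decide
    try:
        status = lookup(user)
    except Exception:
        # Directory unreachable: defer rather than guess either way.
        return "DEFER_IF_PERMIT Account status check unavailable"
    if status == "enabled":
        return "DUNNO"
    # A 421 reply makes Postfix disconnect after sending it (see access(5)),
    # which ends the pipelined session without restarting Postfix.
    return "421 4.7.1 Account disabled"


def serve(stream_in, stream_out):
    """Answer requests until EOF, as a service run by spawn(8) would."""
    requests = iter(stream_in)
    while True:
        attrs = parse_request(requests)
        if not attrs:
            return
        stream_out.write("action=%s\n\n" % decide(attrs))
        stream_out.flush()


if __name__ == "__main__":
    serve(sys.stdin, sys.stdout)
```

Because the lookup happens on each recipient, a short-lived cache in front of the directory query keeps the LDAP load bounded while still cutting off a disabled account within the cache lifetime.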