On Sat, Oct 05, 2013 at 09:59:23AM -0400, Wietse Venema wrote:

> It should be easy enough to count per "login name" instead of per
> "SMTP client" (after all, those labels are just simple strings that
> select a hash-table entry).
>
> However it should not be too easy to exhaust server memory.
>
> In particular, Postfix must not try to maintain huge numbers of
> counters when some spammer tries a huge number of different login
> names in a short time.

Which requires a large number of concurrently compromised accounts.
In most cases a spammer will have compromised a modest number of
accounts. Since per-login message rates are not measured before
successful authentication, I don't think this is a significant issue.

> Either the use of per "login name" counters
> should be restricted to "known" logins,

This is for free, there is no such thing as an "unknown login".

-- 
    Viktor.
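
An added example, not part of the original message and not Postfix code: a sketch of the per-login rate counting discussed in this exchange, where a counter is created only after successful authentication and the hash table has a hard size cap. The class name, method names, limits and the fail-closed choice when the table is full are all assumptions made for illustration.

```python
import time
from collections import OrderedDict

class LoginRateTable:
    """Per-login message counters with a bounded table (hypothetical design)."""

    def __init__(self, max_msgs, window, max_entries):
        self.max_msgs = max_msgs        # messages allowed per login per window
        self.window = window            # window length in seconds
        self.max_entries = max_entries  # hard cap on tracked logins
        self.table = OrderedDict()      # login -> [window_start, count]

    def _expire(self, now):
        # Entries are inserted in window-start order, so expired ones
        # are always at the front of the OrderedDict.
        while self.table:
            login, (start, _) = next(iter(self.table.items()))
            if now - start < self.window:
                break
            del self.table[login]

    def allow(self, login, authenticated, now=None):
        """Return True if a message from this session may be accepted."""
        now = time.monotonic() if now is None else now
        if not authenticated:
            # Assumed submission service that requires authentication:
            # failed or guessed logins never allocate a counter, so trying
            # many login names cannot grow the table.
            return False
        self._expire(now)
        entry = self.table.get(login)
        if entry is None:
            if len(self.table) >= self.max_entries:
                # Table is full of live counters. Evicting one would reset
                # a limit that may be in force, so refuse instead (assumed
                # policy; a real server would defer with a 4xx reply).
                return False
            self.table[login] = [now, 1]
            return True
        entry[1] += 1
        return entry[1] <= self.max_msgs
```
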