On 01/06/2014 04:32 PM, li...@rhsoft.net wrote: > > Am 06.01.2014 16:29, schrieb Robert Schetterer: >> Am 06.01.2014 16:24, schrieb li...@rhsoft.net: >>> Am 06.01.2014 16:12, schrieb Roland Plüss: >>>> A couple of days ago my mail server got attacked by a spammer. As it >>>> looks like he managed to compromise the password of one of the users on >>>> the system and SASL authenticated using the account to send spam. I >>>> blocked the attacking IP and changed the password of the affected user. >>>> Still the spammer managed to send out quite a lot of mails because due >>>> to permit_sasl_authenticated letting him pass by. Now to deal with this >>>> situation in the future I would like to automatically lock down an >>>> account if an unusual amount of mails are sent like 60 per minute or so. >>>> I could though not figure out if postfix is able to do this or how to >>>> get this done. Any ideas? >>> anvil_rate_time_unit = 1800s >>> smtpd_client_connection_rate_limit = 50 >>> smtpd_client_recipient_rate_limit = 400 >>> smtpd_recipient_limit = 100 >>> >>> this way at least not more than 400 messages from the same IP >>> can be sent within 30 minutes, independent of how many connections >>> while these are limited to 50 and a single message must not have >>> more than 100 CRPT >> yeah, but some spambots simple will fire again, so it might not fix the >> problem, it may only limiting impacts > correct, the problem itself can only be fixed manually in any case > but the difference between 400 or 400000 messages by one spambot > makes the difference get blacklisted everywhere or not :-) Follow question. How is the block working? Is it permanent or temporary? If permanent how can I remove the block after changing the password?
-- Yours sincerely Plüss Roland Leader and Head Programmer - Game: Epsylon ( http://www.indiedb.com/games/epsylon ) - Game Engine: Drag[en]gine ( http://www.indiedb.com/engines/dragengine , http://dragengine.rptd.ch/wiki ) - Normal Map Generator: DENormGen ( http://epsylon.rptd.ch/denormgen.php ) - As well as various Blender export scripts und game tools
signature.asc
Description: OpenPGP digital signature