On 01/06/2014 04:32 PM, li...@rhsoft.net wrote:
>
> On 06.01.2014 16:29, Robert Schetterer wrote:
>> On 06.01.2014 16:24, li...@rhsoft.net wrote:
>>> On 06.01.2014 16:12, Roland Plüss wrote:
>>>> A couple of days ago my mail server got attacked by a spammer. It
>>>> looks like he managed to compromise the password of one of the users on
>>>> the system and SASL authenticated using the account to send spam. I
>>>> blocked the attacking IP and changed the password of the affected user.
>>>> Still, the spammer managed to send out quite a lot of mails due
>>>> to permit_sasl_authenticated letting him pass by. Now, to deal with this
>>>> situation in the future, I would like to automatically lock down an
>>>> account if an unusual amount of mail is sent, like 60 per minute or so.
>>>> I could not, though, figure out if postfix is able to do this or how to
>>>> get this done. Any ideas?
>>> anvil_rate_time_unit               = 1800s
>>> smtpd_client_connection_rate_limit = 50
>>> smtpd_client_recipient_rate_limit  = 400
>>> smtpd_recipient_limit              = 100
>>>
>>> this way at least not more than 400 messages from the same IP
>>> can be sent within 30 minutes, independent of how many connections
>>> while these are limited to 50 and a single message must not have
>>> more than 100 RCPT
>> yeah, but some spambots simply will fire again, so it might not fix the
>> problem, it may only limit the impact
> correct, the problem itself can only be fixed manually in any case
> but the difference between 400 or 400000 messages by one spambot
> makes the difference between getting blacklisted everywhere or not :-)
Follow-up question. How is the block working? Is it permanent or temporary?
If permanent how can I remove the block after changing the password?

-- 
Yours sincerely
Plüss Roland

Leader and Head Programmer
- Game: Epsylon ( http://www.indiedb.com/games/epsylon )
- Game Engine: Drag[en]gine ( http://www.indiedb.com/engines/dragengine , http://dragengine.rptd.ch/wiki )
- Normal Map Generator: DENormGen ( http://epsylon.rptd.ch/denormgen.php )
- As well as various Blender export scripts and game tools
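
The limits quoted in this thread count per client IP, while the original question asks about a per-account threshold (60 mails per minute). The following is an added example, not code from any poster in this thread: it flags SASL accounts that exceed that threshold by reading the `sasl_username=` lines Postfix smtpd writes to the mail log. The function names, the year parameter and the log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# One such smtpd line is logged per message accepted from an authenticated client.
SASL_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/\S*smtpd\[\d+\]: "
    r"[0-9A-Za-z]+: client=\S+, .*sasl_username=(?P<user>[^,\s]+)")

def find_bursts(lines, limit=60, window=timedelta(seconds=60), year=2014):
    """Map each SASL user to the first time it exceeded `limit` messages per `window`."""
    recent = defaultdict(deque)   # user -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = SASL_LINE.match(line)
        if not m:
            continue              # connect/disconnect, unauthenticated mail, other daemons
        # syslog timestamps carry no year, so it is supplied by the caller (assumption)
        ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
        seen = recent[m["user"]]
        seen.append(ts)
        while ts - seen[0] >= window:
            seen.popleft()        # drop entries that fell out of the sliding window
        if len(seen) > limit:
            flagged.setdefault(m["user"], ts)
    return flagged

def sample_log():
    """Constructed log: alice sends 3 messages in 20 minutes, bob sends 70 in 35 seconds."""
    lines = ["Jan  6 16:09:59 mail postfix/smtpd[2210]: connect from unknown[192.0.2.10]"]
    for i in range(3):
        lines.append(f"Jan  6 16:{10 + 10 * i}:00 mail postfix/smtpd[2210]: {0xB0000 + i:X}: "
                     "client=unknown[198.51.100.7], sasl_method=PLAIN, "
                     "sasl_username=alice@example.com")
    for i in range(70):
        lines.append(f"Jan  6 16:12:{i // 2:02d} mail postfix/smtpd[2211]: {0xA0000 + i:X}: "
                     "client=unknown[192.0.2.10], sasl_method=LOGIN, "
                     "sasl_username=bob@example.com")
    return lines

if __name__ == "__main__":
    for user, when in find_bursts(sample_log()).items():
        print(f"{when}  {user} exceeded 60 messages in 60 seconds")
```

Because the counter is keyed on the account name rather than the client address, it still fires when the same stolen password is used from several IPs.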
