On 2016-11-15 08:09 AM, Volker Cordes wrote:
Hello,
I just stopped our server from sending out spam mails. A password from
one of our customers was hacked or somehow leaked so that the mails were
sent by an authenticated user. Now I was wondering if it is possible to
block users that authenticate themselves from a lot of different IP
addresses in a short timespan or to implement blocking using
geoip-services (99% of our customers are based in germany).
I simply throttle my users. We offer mailing list access (mailman) so
there is hardly ever any reason to bulk send from a personal account. I
picked 100 as a reasonable number of messages to send in an hour and
check the previous hour every 15 minutes. If the above happens they get
stopped very quickly. I also get email so that I can deal with the
user. I let them know that I can temporarily whitelist them if they do
have a legitimate need to send out a one time mass mailing.
--
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:da...@vex.net
VoIP: sip:da...@vex.net
