Hi, Following up with my own email, I'd also like to generate a list of all accounts that have sent an email with greater than ten recipients, but this information doesn't appear to be available in one line:
Dec 11 23:59:17 mail postfix/submission/smtpd[13636]: connect from unknown[13.82.28.69] Dec 11 23:59:17 mail postfix/submission/smtpd[13636]: Anonymous TLS connection established from unknown[13.82.28.69]: TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits) Dec 11 23:59:17 mail postfix/submission/smtpd[13636]: 9D14386956765: client=unknown[13.82.28.69], sasl_method=login, sasl_username=alice Dec 11 23:59:17 mail postfix/submission/smtpd[13636]: disconnect from unknown[13.82.28.69] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8 Is there a more convenient way to represent this information, or is it necessary to build something that parses multiple lines and somehow associates the IP with data from other lines? On Tue, Dec 12, 2017 at 11:29 AM, Alex <mysqlstud...@gmail.com> wrote: > Hi, > > We have postfix-3.1.4 set up on fedora25 to use submission for > outbound mail. How can I control the number of recipients that can be > addressed in any one email? > > Below is my submission config from master.cf. Perhaps it would just be > setting smtpd_recipient_limit specifically for submission? > > submission inet n - n - - smtpd > -o smtpd_tls_security_level=encrypt > -o smtpd_sasl_auth_enable=yes > -o smtpd_client_restrictions=permit_sasl_authenticated,reject > -o milter_macro_daemon_name=ORIGINATING > -o receive_override_options=$submission_overrides > -o syslog_name=postfix/submission > > On a related question, how can we limit the number of recipients > addressed in any one inbound email? What does the sender receive when > that limit is reached? Will this cause problems with legitimate mail? > > The problem we're trying to solve is primarily disgruntled employees > retaliating via email and sending business-related information to all > employees. Obviously this is not a perfect solution, but one we hope > will deter the most egregious offenders. We also can't really restrict > it via our spam measures because the body contents are directly > business related. Of course we'd also like any of the anti-spam abuse > protections from this as well. > > Thanks, > Alex
