On 8/1/2018 12:43 PM, Durga Prasad Malyala wrote: > Hello all, > To overcome scam due to compromised accounts,Currently we are using a > beautiful software https://github.com/MirLach/ratelimit-policyd > > However we have a few issues. Generally spammers dont put a lot of > peple in cc or bcc. they send individual mails to a lot of users. This > software counts people in cc or bcc also. This blocks the HR or admin > people sending out announcements or notifications also. > > So it needs to be fine tuned as below. > > 1. Allow a specifc subnet of trusted networks to send without restrictions.
This can be easily done with a check_client_access whitelist before your check_policy_service, or your policy service may have an internal whitelist. > 2. If a users is sending after sasl authentication from different IPs > within a specific time range - block that user. (reset his password > and send mail to administrator). This would need modifications to your policy script. I'm not aware of any existing policy services that monitor client IP use. This also seems likely to false-positive eg. when someone sends mail from both their phone (on cell service) and their desktop/laptop (on LAN/WiFi). I'm guessing that allowing legit multi-IP use while blocking imposters would be non-trivial. > 3. have a toggle switch for mails counting in cc or bcc or put them > under a higher limit. The postfix policy service cannot examine message headers, so it is not possible to determine if a particular recipient is in the to: cc: or not listed (bcc). A content filter such as spamassassin may be able to help. > Any Ideas and suggestions / links to similar software doing this > please contribute. > > Thanks/DP > -- Noel Jones
