Leonardo, thank you for your reply.

My PHP is running under Suexec, so I have a system user for each
"domain". So, if I can, say, limit max emails per uid, the problem is
solved. It's not a problem to explain the situation to my customers.
The sender is not a secure limit for the simple reason that all spam
attacks I've seen were using a randomized From. The only secure way to
limit is the envelope from. I can't, then, disable non-authenticated
local delivery.

Thank you

2009/7/13 Leonardo Rodrigues <[email protected]>:
> [email protected] wrote:
>>
>> I've seen that policyd permits to limit SASL users or hosts. Ok, I
>> can't use those 2 solutions, because, first won't work as I'm not
>> using SASL (no authenticated users), and second of course won't work
>> because the host is the same for all users (my webserver).
>>
>> Any other idea? I think that the solution is limiting envelope sender
>> (the system user).
>>
>
> Limiting the system user would limit your system globally, thus
> preventing some user from sending mail when some other user has
> reached the system quota, which is global for the system. That doesn't
> seem to be the most intelligent way.
>
> I really don't see an easy solution without involving some script
> adjusting. I would suggest:
>
> 1) sending a mail to your customers explaining why you're implementing
> quota. Make them believe this is good for them, as the system will not
> be used for SPAM sending and, thus, will have a lower chance of having
> problems of RBLs and stuff.
>
> 2) so you'll have to force your users to adjust their script and
> always set a From header. Maybe you'll have to block system user from
> sending directly .... with that done, you can limit securely on the
> sender. But that would still allow some malicious user to change From
> header and bypass quota limitation.
>
> 3) even better would be NOT allowing email sending without SASL
> authentication, so you could limit that on the SASL authenticated
> user.
>
> Without those changes, I can't see a secure way of doing that.
>
>> Oh, I have another question: I've installed policyd with apt-get. I
>> think it's version 1, not 2. How can I check?
>>
>
> This is the output from v1.82 ...
>
> [r...@correio ~]# /usr/local/policyd/policyd --version
> policyd v1.82
> usage: /usr/local/policyd/policyd -c /path/to/policyd.conf
> [r...@correio ~]#
>
> From 2 you should probably get something similar telling the version.
>
> --
>
> Sincerely,
> Leonardo Rodrigues
> Solutti Tecnologia
> http://www.solutti.com.br
>
> [email protected]
> My SPAMTRAP, do not email it
>
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.policyd.org/mailman/listinfo/users
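
The per-envelope-sender limit discussed in this thread, as an added example that is not part of the original messages and is not policyd's own code: a sliding-window counter applied to requests in the attribute format of Postfix's policy delegation protocol, which carries the envelope sender and no message headers. The limit of 3 requests per hour, the sample addresses and all function and class names are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

def parse_policy_request(text):
    """Parse one Postfix policy delegation request (name=value lines)."""
    attrs = {}
    for line in text.splitlines():
        if not line.strip():
            break  # an empty line terminates the request
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

class SenderRateLimiter:
    """Sliding-window counter keyed on the envelope sender."""
    def __init__(self, max_msgs, window_secs):
        self.max_msgs = max_msgs
        self.window_secs = window_secs
        self.history = defaultdict(deque)  # sender -> times of permitted requests

    def check(self, attrs, now=None):
        now = time.time() if now is None else now
        sender = attrs.get("sender", "").lower() or "<>"  # "<>" = null sender
        stamps = self.history[sender]
        while stamps and now - stamps[0] >= self.window_secs:
            stamps.popleft()  # drop entries that have left the window
        if len(stamps) >= self.max_msgs:
            return "action=DEFER_IF_PERMIT Sender quota exceeded"
        stamps.append(now)
        return "action=DUNNO"  # no opinion: later restrictions decide

# Constructed sample request; the addresses are placeholders.
SAMPLE = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "sender=site1@web.example\n"
    "recipient=someone@dest.example\n"
    "client_address=127.0.0.1\n"
    "\n"
)

def demo():
    limiter = SenderRateLimiter(max_msgs=3, window_secs=3600)
    req = parse_policy_request(SAMPLE)
    first = [limiter.check(req, now=t) for t in (0, 10, 20, 30)]
    other = limiter.check(dict(req, sender="site2@web.example"), now=31)
    later = limiter.check(req, now=3601)  # oldest entry has expired
    return first, other, later

if __name__ == "__main__":
    print(demo())
```

Postfix consults a policy service only from its smtpd restriction lists, so a check like this sees mail that the web scripts submit over SMTP; mail handed to the sendmail command does not pass through it.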
