Re: [policyd-users] Throttle by SASL username only

Wed, 31 Oct 2012 05:57:10 -0700 

Tobia Conforto wrote:
I would like to throttle mail based by SASL username, but only if the message was SASL authenticated in the first place. 


My purpose for doing so is to have a quota in place in case some of 
my users' accounts get compromised, so that the attackers cannot 
relay huge amounts of spam before I have a chance to disable the 
compromised accounts.



OK, what you need is a policy with members "$*" which matches all 
SASL authgenticated messages. Then apply a quota to limit message 
rate to this policy. You also need to make sure that any other 
policies don't match - by adding "!$*" to the member list.



I've gone one step further and allowed for certain users to be 
allowed to send more mail - by creating a second policy.


So I have :
Inbound mail, members !$*,!%internal_ips

SASL users, members $*,!%hi-vol-sasl,!%My_Network

High volume users, members %hi-vol-sasl

My servers, members %My_Network,$*,!%hi-vol-sasl

Local mail, mebers %internal_ips

Groups are :
My_Network (list of my subnets)
internal_ips 127.0.0.1
hi-vol-sasl - list of users given as [email protected]


Between these, that gives me mutually exclusive policies which 
(unless I've got something wrong) will mean that each mail matches 
exactly one of the policies.
My own servers have one limit, users from outside have another, a 
select few of those get a higher limit, and inbound gets another 
limit (tracking on "Recipient:user@domain").




And yes, I know what you mean about stopping (or at least limiting) 
outbound spam. We've had a few instances where a customer has been 
compromised - on the old server I've had to stop all mail, disable 
the individual user, put all mail in the queue on hold, and then 
write a script to go through the mail queue and either delete the 
mail (if it's spam) or release it. Can't remember numbers, but had 
message counts well into 6 digits from some of the events - takes all 
day for the script to grind through them :(


--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.

_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org






















					Reply via email to