Hi Voytek, all, just for curiosity: was this of any use to anyone ( but myself? ;-) )
If not -- what would need to be done to actually make it useful?... As said, I'm productively using this on my own (low volume, http://imgur.com/NaHjeMe ) server. I had previously had two incidents of compromised user accounts that were sending out spams, which is why I finally wrote this in the end. Since then, fortunately there haven't been any account compromises so far. But the system actually works -- it identified a couple of accidental misconfigurations, and properly alerted both the sender and me.
It's still meant to only *complement* a correctly configured quota configuration (in case the spammer is actually using the allowed sender identity). And, if a "notify" account is set and the spammer just fires and forgets, it could actually overwhelm that "notify" account with "$user tried to send using wrong identity" messages (but at least the actual spam won't get through). That would be easy enough to fix though.
I'm willing to invest more effort if needed. Therefore, any feedback (constructive criticism, suggestions, tips, help...) is appreciated!
Cheers Chris On 04/11/15 22:59, Christoph Langguth wrote:
Hi, you might give this one a try: http://pastebin.com/hHuXszhN This is something that I hacked together in response to my own request: http://lists.policyd.org/pipermail/users_lists.policyd.org/2013-July/004162.html :-) It's not beautiful (configuration is within the module itself), but it works smoothly on my server. Note: I'm using 2.0.10-1 (the one officially bundled with Ubuntu 14.04), not sure if you'll need to adjust things for your version. To use, save the file as /usr/lib/postfix-cluebringer/cbp/modules/SenderControl.pm (or whereever the modules are on your system), then add "SenderControl" to the list of modules in /etc/cluebringer/cluebringer.conf Hope this helps, cheers Chris PS: Maybe after some overhaul, something like this could be added as an "official" module? On 04/11/15 22:33, [email protected] wrote:I have Postfix 2.11 and policyd v1.82, all working well, small mail server with couple dozen domains, typical traffic (1) ocassionally users' password get compromised, and, get 'spam burst' sent what sort of setting should I use in policyd to minimize or prevent such ? currently have as so under senderthrottle, what else should I do ? SENDERTHROTTLE=1 SENDER_THROTTLE_SASL=1 SENDER_THROTTLE_HOST=0 QUOTA_EXCEEDED_TEMP_REJECT=0 SENDER_QUOTA_REJECTION="Quota Exceeded." SENDER_SIZE_REJECTION="Message size too big." SENDERMSGLIMIT=100 SENDERRCPTLIMIT=100 SENDERQUOTALIMIT=50000000 SENDERTIMELIMIT=1h SENDERMSGSIZE=10240000 SENDERMSGSIZE_WARN=50 SENDERMSGSIZE_PANIC=90 SENDER_INACTIVE_EXPIRE=31d SENDER_THROTTLE_AUTOBLACKLIST=0 SENDER_THROTTLE_AUTOBLACKLIST_NUMBER=3 SENDER_THROTTLE_AUTOBLACKLIST_EXPIRE=6h 1 Per-Day Traffic Summary ----------------------- date received delivered deferred bounced rejected -------------------------------------------------------------------- Nov 1 2015 515 551 19 1 2012 Nov 2 2015 1408 1730 14 7 2484 Nov 3 2015 1603 1927 10 3 6681 Nov 4 2015 1662 1984 13 5 8211 Nov 5 2015 347 372 7 0 1316 _______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org_______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org
