postfix-users October 2010 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: Re: OT: Re: anvil stats/restictions based on SASL

Re: OT: Re: anvil stats/restictions based on SASL username?

From: brian moore <bem_at_nospam>
Date: Wed Oct 27 2010 - 16:19:46 GMT
To: postfix-users@postfix.org

On Wed, 27 Oct 2010 10:32:28 +0900 (JST)
Tomoyuki Murakami <tomoyuki@pobox.com> wrote:

> I'm little bit amazing to hear about the real-existing AUTHing bot.
> I think we must prepare for SPAM originating bots, but relayed
> through legitimate (compared to direct from bot PCs ) MTAs.

It's what I see almost every time a user gives out their passwords
in a vain attempt to win some mysterious lottery. The other case
is abusing whatever webmail package is used.

What I used on one of the providers here is 'policyd',
available at policyd.org. It works well, though it has hit a few
users on legitimate mail (we have, for example, a local 'arts'
theater that sends out announcements).

These 'special cases' have been resolved by excluding them from
the counts after they promise to not send their password to Nigeria.

(They have -always- understood when we explained it to them: they
understand that other users doing stupid things can interfere with
-their- mail, and are glad to see steps taken to protect their mail.)

The advantage of policyd is that you can make exceptions easily
enough. Keeping rate limits low is good for stopping spam fast, but
there will always be some sort of exceptional case where someone
may legitimately need to send more than X pieces of mail in an hour.