This is definitely a problem!  I have to deal with it at least once per week 
myself.

In the current version, there's almost nothing spamdyke can do to prevent this 
-- once the user is authenticated, they can send as much email as they want.  
In the upcoming version, I've added a filter to compare the sender address to 
the authentication username and block messages if they don't match or if the 
domain doesn't match (configurable).  That will stop some of these incidents, 
especially when the spammer authenticates and sends from a remote server 
instead of the compromised PC -- they seem to use different sender addresses 
when that happens.  When they send from the infected PC, they seem to use the 
same address, so the new filter won't be able to stop it.

Someday I'd like to add rate limiting to spamdyke so it can block these kinds of 
problems once and for all.  Actually, I've been thinking about adding a generic 
filter framework to spamdyke, so it can call out to an external program and get 
a pass/fail response.  That would allow lots of new custom filters to be easily 
added without having to update spamdyke itself (rate limits, size limits, 
database-backed graylisting, etc.).  As long as the custom scripts were 
executable, they wouldn't have to be written in C.  It would also allow 
SpamAssassin and ClamAV to be called during mail delivery, which is something 
I've wanted for a long time... :)

-- Sam Clippinger
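
The two checks discussed in this thread, a sender/authentication-username comparison and a per-user send limit, sketched as an added example (not part of the original message and not spamdyke code). The class, its parameters and the event format are assumptions, as is the premise that authentication usernames are full e-mail addresses; the sample events are constructed.

```python
from collections import defaultdict, deque

class AuthSendFilter:
    """Hypothetical pass/fail filter keyed on the authenticated username."""
    def __init__(self, max_msgs, window_secs, match="address"):
        self.max_msgs = max_msgs          # accepted messages allowed per window
        self.window = window_secs
        self.match = match                # "address", "domain" or "off"
        self.sent = defaultdict(deque)    # auth username -> accept timestamps

    def sender_ok(self, auth_user, sender):
        # Assumes the auth username is a full e-mail address.
        if self.match == "off":
            return True
        a, s = auth_user.lower(), sender.lower()
        if self.match == "domain":
            return "@" in a and "@" in s and a.rsplit("@", 1)[1] == s.rsplit("@", 1)[1]
        return a == s

    def check(self, auth_user, sender, now):
        """Return (accept, reason) for one message at time `now` (seconds)."""
        if not self.sender_ok(auth_user, sender):
            return False, "sender-mismatch"
        q = self.sent[auth_user.lower()]
        while q and q[0] <= now - self.window:   # drop entries outside the window
            q.popleft()
        if len(q) >= self.max_msgs:
            return False, "rate-limit"
        q.append(now)
        return True, "ok"

def replay(events, flt):
    """Run (time, auth_user, sender) events through the filter; tally verdicts."""
    tally = defaultdict(lambda: defaultdict(int))
    for now, user, sender in events:
        tally[user][flt.check(user, sender, now)[1]] += 1
    return {u: dict(r) for u, r in tally.items()}

# Constructed sample: a 2-minute burst from one account using its own address,
# plus another account sending once normally and once with a foreign sender.
EVENTS = [(t * 0.1, "alice@example.com", "alice@example.com") for t in range(1200)]
EVENTS += [(30.0, "bob@example.com", "bob@example.com"),
           (60.0, "bob@example.com", "promo@example.net")]
EVENTS.sort(key=lambda e: e[0])

if __name__ == "__main__":
    print(replay(EVENTS, AuthSendFilter(max_msgs=100, window_secs=3600)))
```

The burst passes the sender comparison because it uses the account's own address, so only the rate limit cuts it off; the mismatched sender is rejected regardless of volume.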




On Dec 10, 2013, at 11:21 AM, ron wrote:

> Such a solution would be nice.
> I can empathize with you as it happened to me about 8 months ago and it took 
> me several hours to figure out how to stop it, although they weren't being 
> created as fast as yours. Scanned all PCs with Malwarebytes and didn't find 
> any process that could be definitely identified as the culprit, but removed 
> anything suspect.
> Ron
> 
> On 12/10/2013 9:35 AM, Les Fenison wrote:
>> 
>> I had one of my email users' accounts compromised this morning and have been 
>> thinking of what could have prevented hundreds of thousands of spams from 
>> going out all within a 2 minute window.
>> 
>> Is there any way possible to limit the number of emails that a single 
>> authenticated user can send within a specified period of time?
>> 
>> Fortunately I was awake and an alarm alerted me to an enormous mail queue 
>> and I was able to quickly change the compromised password.  But not until 
>> over 400,000 messages got queued.  I dumped the queue immediately but time 
>> will tell how many blacklists my IP ends up on because of this. 
>> 
>> -- 
>> Les Fenison
>> www.DeltaTechnicalServices.com
>> l...@deltatechnicalservices.com
>> (503) 610-8747
>> 
>> 
>> _______________________________________________
>> spamdyke-users mailing list
>> spamdyke-users@spamdyke.org
>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
