Peter Holm said: > Hi, > > is it an unrealistic or unintelligent approach to limit the > amount of mail that can be sent with a server? > > Limiting the possibility to send mail to only once per minute > looks to me like a very userfriendly AND abuse-preventing > restriction, that could save many admins lots of trouble. [snip]
My first concern is how you're going to handle people going over 1 per minute. The way I see it, you have 2 choices: queue it up or throw it out. 1. Queue it up: this means that if someone DOES try to spam through your server, your FS is going to get full, the queue will get clogged, and your wife/girlfriend/husband/boyfriend/whatever will leave you :) But in all seriousness, it seems like it could have to potential to get really bad. 2. Throw it out: either you are silently discarding mail, so that people get confused when they don't get the mail they sent to themselves or family members, OR, you are having to generate and deliver a TON of DSNs. Neither one seems to be very good. If it is a real spammer, you want to throw it out, as nobody will miss it; however, if it is a real user who had Outlook queue the mail to be sent while he was on an airplane, and you throw away his email to his boss, he may be looking for a new email provider very soon. But if it is a SPAMmer and you end up generating DSNs, you would give yourself a DoS attack in the process. I understand the problem of having your legitimate email server be used by a valid user for unapproved reasons. Network policy should be your FIRST line of defense. We examine the logs to gather metrics, and if something seems to be amiss, we talk to the person responsible. Luckily, our users are pretty responsible, for the most part. I just don't know how to handle the problem of what to do with the message, unless you're going to block it at send-time (like with a "connection refused" or some other 4xx or 5xx error, 4xx probably being more appropriate). That having been said, good luck for whatever you decide to do! ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
