On 2012-11-14 17:29, Alessandro Vesely wrote: > My server is smaller than yours. I block IPs after failed login, and > until now I've hoped that to be enough. Might I ask you what amounts > of time and attempts did the attacker need to break in?
We've got a few thousand users and every now and then one will answer a phishing spam with their login details and sure enough we'll see up to 100k spams go out from that account before we notice and change the users password and clear the mailq with... https://raw.github.com/svarshavchik/courier-contrib/master/cancelmailq.sh Some kind of rate limiting scheme per user would be very handy. Something like 10 seconds between outgoing connections, per user, would not impact a normal single or a dozen or so CC'd messages (the sender would not notice) but it could make the difference between a few 1000 (at most) or 100,000 (or more) messages going out per user in any 24 hour period. ------------------------------------------------------------------------------ Monitor your physical, virtual and cloud infrastructure from a single web console. Get in-depth insight into apps, servers, databases, vmware, SAP, cloud infrastructure, etc. Download 30-day Free Trial. Pricing starts from $795 for 25 servers or applications! http://p.sf.net/sfu/zoho_dev2dev_nov _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
