On Wed 14/Nov/2012 11:16:26 +0100 Mark Constable wrote:
>
> We've got a few thousand users and every now and then one will
> answer a phishing spam with their login details

Heck. In that case it's useless to estimate a password's entropy and then count the failed attempts against it :-/

> Some kind of rate limiting scheme per user would be very handy.
> Something like 10 seconds between outgoing connections, per user,
> would not impact a normal single or a dozen or so CC'd messages
> (the sender would not notice)

Hm... there are exceptions, though. Users can legitimately use their mail clients' mail-merge functionality. IME, it's not uncommon to have a few, possibly related, message composition windows and fire them out in rapid succession. Hindrances in submit could make users switch to their ISP's mail relay facility, which is counter productive.

Would it make sense to use, say, CRM114 to tell whether submitted messages match a given user's prose? Also, trying to learn sending patterns might help to establish per-user rate limits. (And I'd expect power users to be less phishable.)

> but it could make the difference between a few 1000 (at most) or 100,000
> (or more) messages going out per user in any 24 hour period.

That could be addressed directly. Zdkimfilter has an option to insert the recipients' domains of authenticated users' posts into a database, for whitelisting purposes. It would be enough to insert a query call, passing the user-id and the number of recipients, before signing each message. That query could be configured to insert a new record, then count the total number of recipients or messages by that user in some period of time, and return an ok/block response.

Otherwise, for a standalone filter, it may be more straightforward to track submissions using plain files in users' HOME directories.

_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
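The insert-then-count query described in the message above, as an added example that is not part of the original post and is not zdkimfilter's own code. The table name, column names, the 1000-recipient limit and the 24-hour window are assumptions, and SQLite stands in for whatever database the filter would be configured to use.

```python
import sqlite3

# Hypothetical schema and limits; not zdkimfilter's actual tables or options.
WINDOW_SECONDS = 24 * 3600
MAX_RECIPIENTS = 1000

def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS submissions ("
        " user_id TEXT NOT NULL, ts INTEGER NOT NULL, rcpt_count INTEGER NOT NULL)"
    )
    conn.execute("CREATE INDEX IF NOT EXISTS sub_user_ts ON submissions (user_id, ts)")
    return conn

def check_submission(conn, user_id, rcpt_count, now,
                     limit=MAX_RECIPIENTS, window=WINDOW_SECONDS):
    """Record one submission, then return 'ok' or 'block' for this user.
    Blocked attempts are recorded too, so an account that keeps sending
    stays blocked until its records age out of the window."""
    with conn:  # one transaction: insert, prune expired rows, count
        conn.execute(
            "INSERT INTO submissions (user_id, ts, rcpt_count) VALUES (?, ?, ?)",
            (user_id, now, rcpt_count),
        )
        conn.execute(
            "DELETE FROM submissions WHERE user_id = ? AND ts <= ?",
            (user_id, now - window),
        )
        (total,) = conn.execute(
            "SELECT COALESCE(SUM(rcpt_count), 0) FROM submissions"
            " WHERE user_id = ? AND ts > ?",
            (user_id, now - window),
        ).fetchone()
    return "ok" if total <= limit else "block"

def demo():
    """Constructed traffic: a legitimate burst, then a phished account."""
    conn = open_db()
    # alice: 12 single-recipient messages fired off in 12 seconds
    alice = [check_submission(conn, "alice", 1, 1000 + i) for i in range(12)]
    # bob: 30 messages of 50 recipients each within a minute
    bob = [check_submission(conn, "bob", 50, 2000 + 2 * i) for i in range(30)]
    # bob one full window after his last message: old records have expired
    later = [check_submission(conn, "bob", 1, 2058 + WINDOW_SECONDS + 1)]
    return [alice, bob, later]
```

Because the decision is based on recipients per window rather than on spacing between connections, the rapid-succession case raised in the reply passes untouched while the bulk sender is cut off at the limit.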