Quoting Andy Dorman <ador...@ironicdesign.com>:

Also, the domain admin can also look at the email and if it is really spam, they can quickly shut down the spammer.


Off-topic - I like to know how much spam they would have sent, so when I verify it's spam I redirect their outgoing mail to /dev/null but continue to count the recipients. It blows your mind sometimes...

I also apply the same 'counting' to my entire outgoing queue. I've found that while the per-user limits are helpful, those smarter spammers will just create more accounts. By monitoring the entire mail flow for traffic spikes, I can shut down the entire outgoing queue and remove the abuser(s).

I use qmail, but any SMTP server should work. Essentially:
1. Route all 'non-verified' users' mail from the incoming SMTP server to 192.168.1.1.
2. Route all mail from 192.168.1.1 to 192.168.1.2.
3. 192.168.1.2 runs smtp-delay to 'pause' traffic on 192.168.1.1.
4. Run a cronjob that counts the number of emails in queue on 192.168.1.1 every minute. You will need to tweak both the counts and delay times for your environment (and as your environment scales up). So for example, if you consistently have 20 emails in queue, and spike to 60 under normal operations, set your program to shut the queue down at 70 and alert the admin. You will obviously need staff to manage the alert (if you're swamped with spammers) and/or understanding from your users that this will occur.

Rick

--
IMP mailing list
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: imp-unsubscr...@lists.horde.org
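
The per-minute check from step 4, as an added example (not the poster's script): it parses `qmail-qstat` output, trips at the 70-message figure used in the post, and latches so cron does not stop and alert again every minute. The latch path and the `stop_queue`/`alert_admin` hooks are hypothetical placeholders, and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: per-minute queue check for the holding server in step 4.
THRESHOLD="${THRESHOLD:-70}"               # shutdown figure from the post
STATE="${STATE:-/var/run/queue-tripped}"   # hypothetical latch file

# Constructed samples in qmail-qstat's output format.
SAMPLE_NORMAL='messages in queue: 23
messages in queue but not yet preprocessed: 0'
SAMPLE_SPIKE='messages in queue: 412
messages in queue but not yet preprocessed: 37'

# Print the total from qmail-qstat output on stdin; fail if it is missing.
queue_count() {
    awk -F': *' '/^messages in queue:/ { n = $2 }
        END { if (n ~ /^[0-9]+$/) print n; else exit 1 }'
}

# $1=count $2=threshold $3=latch file. Prints ok, trip or held.
# trip: first run at or over the threshold. held: latch already set, so the
# queue stays down and no new alert goes out until an admin removes the file.
decide() {
    if [ -e "$3" ]; then echo held
    elif [ "$1" -ge "$2" ]; then echo trip
    else echo ok
    fi
}

# Placeholder hooks (assumptions): replace with the site's own commands.
stop_queue()  { echo "stop the outgoing queue here" >&2; }
alert_admin() { echo "ALERT: $1" >&2; }

# Read qstat output on stdin, act once on a spike, print "<action> <count>".
check_once() {
    n=$(queue_count) || { alert_admin "cannot read queue size"; echo error; return 2; }
    action=$(decide "$n" "$THRESHOLD" "$STATE")
    if [ "$action" = trip ]; then
        : > "$STATE"
        stop_queue
        alert_admin "queue at $n, limit $THRESHOLD"
    fi
    echo "$action $n"
}

# From cron: * * * * * /path/to/this-script --cron
if [ "${1:-}" = "--cron" ]; then qmail-qstat | check_once; fi
```

An unreadable queue size is reported as an error rather than treated as zero, so a broken counter does not look like a quiet queue.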
