mta limit session-transaction-delay 10
Is there any way to limit where this is implemented? Such as only sessions from a specific server (via tag, action, match, etc.)?

From my limited understanding of the few bits of code I read, around this and other mta options, those "limit" options seems to be global.

There are other (global) knobs that maybe do something to the scheduling per domain or host, but I haven't tried any of those and I think they rather apply to retries. Check out ./usr.sbin/smtpd/limit.c, function limit_mta_set().

I ran a few rough grep(1)s through the sources, by guessing related strings, but I didn't find anything related to action or match.

My current understanding is we could consider some different levels of compromise:

1. Only the service is compromised (e.g., PHP) - this would limit message sending to how the server is configured to send mail.
at least in the event an attacker only compromises a service I can still limit damage to the mail relay server IP address reputation.

Mh... good thinking, I agree. I appreciate you sharing your reasoning :)

Reply via email to