On 06.01.2014 16:24, li...@rhsoft.net wrote:
> On 06.01.2014 16:12, Roland Plüss wrote:
>> A couple of days ago my mail server got attacked by a spammer. It
>> looks like he managed to compromise the password of one of the users on
>> the system and SASL authenticated using the account to send spam. I
>> blocked the attacking IP and changed the password of the affected user.
>> Still, the spammer managed to send out quite a lot of mails due
>> to permit_sasl_authenticated letting him pass. Now, to deal with this
>> situation in the future, I would like to automatically lock down an
>> account if an unusual amount of mail is sent, like 60 per minute or so.
>> I could not figure out, though, whether postfix is able to do this or how to
>> get this done. Any ideas?
>
> anvil_rate_time_unit = 1800s
> smtpd_client_connection_rate_limit = 50
> smtpd_client_recipient_rate_limit = 400
> smtpd_recipient_limit = 100
>
> This way at least not more than 400 messages from the same IP
> can be sent within 30 minutes, independent of how many connections,
> while these are limited to 50, and a single message must not have
> more than 100 RCPT.

Yeah, but some spambots simply will fire again, so it might not fix the problem; it may only limit the impact.

Best Regards
Robert Schetterer

--
[*] sys4 AG
http://sys4.de
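
The limits quoted above are counted per client IP, while the original question asks for a per-account threshold. The following is an added example, not part of the thread: it counts messages per `sasl_username` in a sliding one-minute window over Postfix smtpd log lines, so a burst spread over several IPs is still attributed to one account. The function names, the 60-per-minute default (taken from the question) and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Postfix smtpd logs one "client=..., sasl_username=..." line per queued message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/\S*smtpd\[\d+\]: "
    r"(?P<qid>[0-9A-F]+): client=\S+\[(?P<ip>[^\]]+)\], "
    r"sasl_method=\S+, sasl_username=(?P<user>\S+)$"
)

def find_bursts(lines, limit=60, window=timedelta(minutes=1), year=2014):
    """Return {sasl_username: (time the limit was first exceeded, client IPs seen)}."""
    recent = defaultdict(deque)   # per-user timestamps still inside the window
    ips = defaultdict(set)        # per-user client IPs, useful for the follow-up
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # not an authenticated-submission line
        # Syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        user = m["user"]
        ips[user].add(m["ip"])
        q = recent[user]
        q.append(ts)
        while ts - q[0] >= window:    # drop entries older than the window
            q.popleft()
        if len(q) > limit and user not in flagged:
            flagged[user] = ts
    return {u: (t, ips[u]) for u, t in flagged.items()}

def sample_log():
    """Constructed lines: alice sends 70 messages in 35 s from two IPs, bob sends 3."""
    fmt = ("Jan  6 16:{:02d}:{:02d} mail postfix/smtpd[1234]: {:010X}: "
           "client=unknown[{}], sasl_method=PLAIN, sasl_username={}")
    addrs = ("203.0.113.5", "198.51.100.7")
    lines = [fmt.format(1, i // 2, i, addrs[i % 2], "alice") for i in range(70)]
    lines += [fmt.format(2 + i, 0, 100 + i, "192.0.2.9", "bob") for i in range(3)]
    return lines

if __name__ == "__main__":
    for user, (when, seen) in find_bursts(sample_log()).items():
        print(f"{user}: over limit at {when}, clients {sorted(seen)}")
```

The returned account names can be handed to whatever mechanism disables a login on the system in question; that step depends on the SASL backend and is not shown.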