As someone already mentioned, that's what the Postfix limits are for,
namely
smtpd_recipient_limit
smtpd_client_recipient_rate_limit
smtpd_client_connection_rate_limit
smtpd_client_message_rate_limit
smtpd_soft_error_limit
smtpd_hard_error_limit
Even if it is a "spammer sending slowly", there will be still
characteristics that will make it possible to identify the incident
automatically - suddenly unusual number of unique recipients, unusual
number of errors, etc. The automatic solution allows you to cull the
spam wave as it happen, potentially limiting the impact. If you
reactively, manually start to look for a problem because your queue
suddenly starts filling up because you have been blacklisted downstream
for forwarding spam, the damage was already done and you will have to
suffer the consequences for some time (legitimate mail of your users
will be rejected).
And if a queue is filled with spam from a hacked account, then it's IMO
proper to delete all the queued mail from that account via postsuper -d
- the user compromised his/her auth information somehow, so he/she
cannot expect any of his/her mail to be delivered, and millions of
bounces won't help anything anyway.
--
Best Regards,
Daniel Ryšlink
On 16. 01. 20 8:02, azu...@pobox.sk wrote:
Citát "@lbutlr" <krem...@kreme.com>:
On 15 Jan 2020, at 15:12, Noel Jones <njo...@megan.vbhcs.org> wrote:
We've had problems with users mistyping domain names, such as
hotmal.com or aoil.com. And they ignore the delay warning message
because they still don't notice their typo.
Then they get the bounce when the max queue expires.
The messages in the queue are not hurting anything and unless there
are millions and millions of them, they are not worth manually
handling (nor adding custom transport maps to “fix” user’s tyops).
I don't agree with this. Yes, technically it isn't a problem but we
(and for sure not alone) are using message queue size as a sign of a
problem - if there are much more messages then usual, our monitoring
software is notifying us. In most cases it is a sign of hacked account
which is spamming - in about 50% of such cases, spammers are sending
spam very slowly, so you cannot simply note it, that's why we monitor
it. And that's why it is a problem when there are lots of messages
which you cannot get rid of by any means.
