Tonix (Antonio Nati) wrote:
Il 01/10/2010 21:04, Eric Shubert ha scritto:
Tonix (Antonio Nati) wrote:
There are too many sides to examine.
I have a pretty clear picture of what I have in mind. Perhaps I
haven't communicated it well, or am not considering something.
Can you expound a bit?
I'm speaking about different business behaviors, for which something
genial for one customer could be a damage for others.
That is indeed always a concern. By allowing the default to be the
present behavior, and by allowing different settings per domain and per
user, I believe that detrimental side effects can be avoided.
I had customers with stolen password, and my attention was caught by
messages in queue, coming from authenticated relaying, and different IP
used from same sender for those messages.
99% of my customers works from office, so they use a fixed IP, and
sometimes work from home, sometimes they travel. But it is extremely
rare they send e-mail from three different IP in the same day, so it may
worth to "suspend" an account when such condition exists.
Not in my world. ;) My customers (and myself) can be fairly mobile at
times, submitting email from several locations per day.
In addition, there are dynamic IPs to consider. While some (even most)
dynamic addresses only change occasionally (daily to monthly), I have
one customer whose DSL provider is presently changing addresses several
times per day. While that may only be 1% of the general population, it
can and does happen unpredictably.
These aspects lead me to believe that a mechanism which presumes a
consistent (or even semi-consistent) IP address would not work well in
practice.
At the same time, I feel necessary to put a "filter" at acceptance phase
(like maximum numer of messages/recipinets for day) , because they work
with e-mail, and I cannot consider throttling or delaying their messages
due to huge queues... If I receive a message I must deliver it in the
shortest timeframe, otherwise it is better not to accept it.
I appreciate your concerns, but I believe that throttling delivery on a
per-user basis will actually improve delivery overall. A throttle would
prevent a single user from hogging the sending resources to the
detriment of other users' messages. IOW, by limiting the rate at which
each user's messages are sent, the messages which are sent would belong
to a greater number of users. For instance, if joe sends a message to 40
people, and his allowance is one per 30 seconds, his messages would sent
over a 20 minute period. This, as opposed to the present situation,
where joe's 40 messages would be sent all at once, causing everyone
else's messages to wait for all of joe's messages to be delivered before
qmail-remote resources become available.
I'n mu wishlist about qmail, I'd love to have a multi-queue mechanism,
where one queue would be used for users within thesholds, and another
queue for mailing lists and users outside thesholds. In this way normal
users would be never have penalties, while exceeding users would be
routed to "low priority queue".
I don't think multiple queues would be required. A throttling mechanism
as I've described would accomplish the same thing. Depending on how the
administrator chooses to configure the settings, some users can be
throttled, and others not. Or per domain.
But I'd love to extend this to other needs, as well. Stolen passwords
mean unauthorized access to pop and IMAP, so I need a wider approach to
that.
True. However, at present time the strongest incentive to steal
passwords appears to be for use of smtp for spamming. What I think we're
trying to address here is reducing (or eliminating) the impact on the
server when a password is compromised. Throttling qmail-remote will
minimize that impact, and perhaps keep the host's IP address from being
blacklisted as well.
Natalio's script fills a void regarding detection. I like that. Taken
one step further, it should be fairly easy to modify the script to show
message counts per user, which would help greatly in pinpointing the
offending account. What do you think, Natalio?
Actually POP do not make any kind of control over abuses,a nd most IMAP
applications do no let to approach it easily (example, for a webmail
using IMAP, IMAP application cannot check the "real" source IP, as it
know only the webmail IP).
Right. I'm not as concerned with POP and IMAP though, as this doesn't
appear to effect the server, and the incentive for exploit doesn't
appear to be as great. The effect of a compromised password on POP/IMAP
is a consequence to the user more so than the server. Thus, it can left
to be the responsibility of the user.
Of course, that's just my opinion.
--
-Eric 'shubes'
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]