Bill Watson schrieb: > I hope this list is the proper forum, if not, please guide me to the list > that is.... > > I am looking for a way to limit the email quantity from a given user(pc) > within my building that is using my "stock" RHEL system as the mailserver. > Basically, if one PC gets a virus, I want to limit the number of emails sent > from that or any PC to say, 100 in a day and alert me if this limit is > exceeded so I can give the 20 lashes. I have googled a lot and kbased a lot > and could not find any productive keywords. > > I presume the limiter would count the number of emails SMTP'd out from a > given IP address and that'd be fine for my evil purposes. I know about > limiting the total email out, and the # of sessions, but this doesn't do a > lot towards my goals. 200 users at 100/day = limit of 20,000 really wouldn't > do a lot, nor would it tell me who the evil doer is.
postfix ? ---- /usr/share/doc/postfix-2.*/README_FILES/TUNING_README ---- [...] IMPORTANT: These limits must not be used to regulate legitimate traffic: mail will suffer grotesque delays if you do so. The limits are designed to protect the smtpd(8) server against abuse by out-of-control clients. [...] only a test: 2 messages per 120s # postconf | grep anvil anvil_rate_time_unit = 120s anvil_status_update_time = 600s # postconf smtpd_client_message_rate_limit smtpd_client_event_limit_exceptions smtpd_client_message_rate_limit = 2 smtpd_client_event_limit_exceptions = 172.16.1.2 3 messages/120s : the user get a warning ---- /var/log/maillog ---- Aug 19 00:08:30 multi postfix/smtpd[10309]: connect from unknown[192.168.101.3] Aug 19 00:08:30 multi postfix/smtpd[10309]: warning: Message delivery request rate limit exceeded: 3 from unknown[192.168.101.3] for service smtp Aug 19 00:08:38 multi postfix/smtpd[10309]: disconnect from unknown[192.168.101.3] ----/---- ---- anvil statistics in maillog ---- Aug 19 00:12:18 multi postfix/anvil[10288]: statistics: max connection rate 3/120s for (smtp:192.168.101.3) at Aug 19 00:08:30 Aug 19 00:12:18 multi postfix/anvil[10288]: statistics: max connection count 1 for (smtp:192.168.101.3) at Aug 19 00:05:16 Aug 19 00:12:18 multi postfix/anvil[10288]: statistics: max message rate 3/120s for (smtp:192.168.101.3) at Aug 19 00:08:30 Aug 19 00:12:18 multi postfix/anvil[10288]: statistics: max cache size 1 at Aug 19 00:05:16 ----/---- ---- pflogsumm ---- # pflogsumm /var/log/maillog [...] Warnings -------- smtpd (total: 2) 2 Message delivery request rate limit exceeded: 3 from unknown[19... ----/---- -- shrek-m _______________________________________________ rhelv5-list mailing list rhelv5-list@redhat.com https://www.redhat.com/mailman/listinfo/rhelv5-list