Bill Watson schrieb:
> I hope this list is the proper forum, if not, please guide me to the list
> that is....
>
> I am looking for a way to limit the email quantity from a given user(pc)
> within my building that is using my "stock" RHEL system as the mailserver.
> Basically, if one PC gets a virus, I want to limit the number of emails sent
> from that or any PC to say, 100 in a day and alert me if this limit is
> exceeded so I can give the 20 lashes. I have googled a lot and kbased a lot
> and could not find any productive keywords.
>
> I presume the limiter would count the number of emails SMTP'd out from a
> given IP address and that'd be fine for my evil purposes. I know about
> limiting the total email out, and the # of sessions, but this doesn't do a
> lot towards my goals. 200 users at 100/day = limit of 20,000 really wouldn't
> do a lot, nor would it tell me who the evil doer is.

postfix ?

---- /usr/share/doc/postfix-2.*/README_FILES/TUNING_README ----
[...] IMPORTANT: These limits must not be used to regulate legitimate
traffic: mail
will suffer grotesque delays if you do so. The limits are designed to
protect
the smtpd(8) server against abuse by out-of-control clients. [...]


only a test:  2 messages per 120s

# postconf | grep anvil
anvil_rate_time_unit = 120s
anvil_status_update_time = 600s
# postconf smtpd_client_message_rate_limit
smtpd_client_event_limit_exceptions
smtpd_client_message_rate_limit = 2
smtpd_client_event_limit_exceptions = 172.16.1.2


3 messages/120s : the user get a warning
---- /var/log/maillog ----
Aug 19 00:08:30 multi postfix/smtpd[10309]: connect from
unknown[192.168.101.3]
Aug 19 00:08:30 multi postfix/smtpd[10309]: warning: Message delivery
request rate limit exceeded: 3 from unknown[192.168.101.3] for service smtp
Aug 19 00:08:38 multi postfix/smtpd[10309]: disconnect from
unknown[192.168.101.3]
----/----

---- anvil statistics in maillog ----
Aug 19 00:12:18 multi postfix/anvil[10288]: statistics: max connection
rate 3/120s for (smtp:192.168.101.3) at Aug 19 00:08:30
Aug 19 00:12:18 multi postfix/anvil[10288]: statistics: max connection
count 1 for (smtp:192.168.101.3) at Aug 19 00:05:16
Aug 19 00:12:18 multi postfix/anvil[10288]: statistics: max message rate
3/120s for (smtp:192.168.101.3) at Aug 19 00:08:30
Aug 19 00:12:18 multi postfix/anvil[10288]: statistics: max cache size 1
at Aug 19 00:05:16
----/----

---- pflogsumm ----
# pflogsumm /var/log/maillog
[...] Warnings
--------
  smtpd (total: 2)
         2   Message delivery request rate limit exceeded: 3 from
unknown[19...
----/----


-- 
shrek-m

_______________________________________________
rhelv5-list mailing list
rhelv5-list@redhat.com
https://www.redhat.com/mailman/listinfo/rhelv5-list

Reply via email to