Re: [qmailtoaster] Re: Rate limiting user submissions

2019-08-22 Thread Remo Mattei 
Here is what my direct.xml file looks like

more direct.xml


  -p tcp 
--dport 22 -m state --state NEW -m recent --set
  -p tcp 
--dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 4 -j 
REJECT --reject-with tcp-reset

  -p tcp 
--dport 25 -m state --state NEW -m recent --set
  -p tcp 
--dport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 4 -j 
REJECT --reject-with tcp-reset

  -p tcp 
--dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 7 -j 
REJECT --reject-with tcp-reset

  -p tcp 
--dport 25 -m state --state NEW -m recent --update --seconds 200 --hitcount 15 
-j REJECT --reject-with tcp-res
et
  -p tcp 
--dport 25 -m state --state NEW -m recent --update --seconds 2000 --hitcount 35 
-j REJECT --reject-with tcp-re
set
  -p tcp 
--dport 25 -m state --state NEW -m recent --update --seconds 2 --hitcount 
120 -j REJECT --reject-with tcp-
reset


Remo 

> On Aug 22, 2019, at 16:36, Jeff Koch  wrote:
> 
> Hi Eric:
> 
> This is the patch that we used with Bill's toaster and it was very effective 
> in limiting the damage from hijacked email accounts.
> 
> http://spamthrottle.qmail.ca/ 
> 
> Let me know what you think
> 
> Jeff
> 
> On 8/22/2019 7:18 PM, Eric Broch wrote:
>> What about this tcpserver limits patch 
>> 
>> https://qmail.jms1.net/ucspi-tcp/  
>> 
>> On 8/22/2019 9:32 AM, Jeff Koch wrote: 
>>> 
>>> Hi List 
>>> 
>>> Sometimes a user's email credentials get hijacked and before we know it 
>>> 100,000 spams go out. This doesn't happen very often but when it does it's 
>>> a mess. Our mailserver gets blocked by major ISP and it takes weeks to get 
>>> the blocks lifted. So I was thinking - is there any way to rate limit email 
>>> accounts? For example, limit users to sending no faster than one email 
>>> every few seconds. There used to be a patch for the old Bill's Qmail 
>>> Toaster called 'spam throttle' that could do this. 
>>> 
>>> Regards, Jeff 
>

[qmailtoaster] Re: Rate limiting user submissions

2019-08-22 Thread Jeff Koch 

Hi Eric:

This is the patch that we used with Bill's toaster and it was very 
effective in limiting the damage from hijacked email accounts.


http://spamthrottle.qmail.ca/

Let me know what you think

Jeff

On 8/22/2019 7:18 PM, Eric Broch wrote:

What about this tcpserver limits patch

https://qmail.jms1.net/ucspi-tcp/

On 8/22/2019 9:32 AM, Jeff Koch wrote:


Hi List

Sometimes a user's email credentials get hijacked and before we know 
it 100,000 spams go out. This doesn't happen very often but when it 
does it's a mess. Our mailserver gets blocked by major ISP and it 
takes weeks to get the blocks lifted. So I was thinking - is there 
any way to rate limit email accounts? For example, limit users to 
sending no faster than one email every few seconds. There used to be 
a patch for the old Bill's Qmail Toaster called 'spam throttle' that 
could do this.


Regards, Jeff

[qmailtoaster] Re: Rate limiting user submissions

2019-08-22 Thread Jeff Koch 

Hi Eric:

That patch might work - is it already installed?

Jeff

On 8/22/2019 7:18 PM, Eric Broch wrote:

What about this tcpserver limits patch

https://qmail.jms1.net/ucspi-tcp/

On 8/22/2019 9:32 AM, Jeff Koch wrote:


Hi List

Sometimes a user's email credentials get hijacked and before we know 
it 100,000 spams go out. This doesn't happen very often but when it 
does it's a mess. Our mailserver gets blocked by major ISP and it 
takes weeks to get the blocks lifted. So I was thinking - is there 
any way to rate limit email accounts? For example, limit users to 
sending no faster than one email every few seconds. There used to be 
a patch for the old Bill's Qmail Toaster called 'spam throttle' that 
could do this.


Regards, Jeff