On 2010/09/02 09:04 AM, Xueshan Feng wrote:
> On Sep 1, 2010, at 23:14, Cami<[email protected]> wrote
>> The abuse flag triggers when more than 100 messages have attempted
>> to be sent within that rolling 2 hour window.
> Then after that how long the sender would be blocked? If the new
> rolling window starts at 10:00, the abuse flag is set at 09:59, the
> sender would be able to send again one minute later, right?

You can send X amount of mails in Y time period. If the sender hits that limit, an "abuse" log entry is triggered to indicate that the limit is reached and further mails are "attempt" to be sent. When the rolling time window is reached, mails will be allowed to flow as normal. I stand corrected but I believe the same behaviour applies to Policyd v2.

> Now I understand - policyd does rate limit as it is designed for, but
> I think the abuse trigger can be used to call some other tools to
> disable or block the sender. BTW, we are trying to deal with
> compromised accounts that are used by spammers to send spam, that's
> why I asked about how long a sender will be blocked. Looks like it
> depends on where the quota is hit in that rolling window.

Correct. Instead of modifying the code to execute other tools, I recommend using syslog-ng and use it to perform various types of triggers since it has been designed to cater for what you want. (match for abuse logs, execute tool).

Cami
_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users
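
The following is an added example, not part of the original message and not Policyd's own code. It is a simplified Python model of the quota behaviour discussed in this thread, showing that the time a sender stays blocked depends on where in the window the limit is hit, and where an abuse hook would fire. Assumptions: the window opens at the sender's first message and the counter resets when it expires; `SenderThrottle`, `on_abuse` and `blocked_seconds` are hypothetical names; the 100-message limit and 2 hour window are the figures quoted above.

```python
# Added illustration of the quota window discussed in the thread (not Policyd code).
from dataclasses import dataclass

LIMIT = 100            # messages per window (figure quoted in the thread)
WINDOW = 2 * 60 * 60   # 2 hour window, in seconds

@dataclass
class SenderState:
    window_start: int
    count: int = 0
    abuse_flagged: bool = False

class SenderThrottle:
    def __init__(self, limit=LIMIT, window=WINDOW, on_abuse=None):
        self.limit, self.window = limit, window
        self.on_abuse = on_abuse or (lambda sender, now, unblock_at: None)
        self.senders = {}

    def attempt(self, sender, now):
        """Return True if a message from `sender` at time `now` is accepted."""
        st = self.senders.get(sender)
        # Assumption: the window opens at the first message and the counter
        # resets once the window has expired.
        if st is None or now >= st.window_start + self.window:
            st = self.senders[sender] = SenderState(window_start=now)
        st.count += 1
        if st.count <= self.limit:
            return True
        if not st.abuse_flagged:
            # Fires once per window: the point to hook an account-disable tool.
            st.abuse_flagged = True
            self.on_abuse(sender, now, st.window_start + self.window)
        return False

def blocked_seconds(send_times, sender="user@example.org"):
    """Replay send times; return seconds from the abuse flag until unblock."""
    events = []
    throttle = SenderThrottle(on_abuse=lambda s, now, end: events.append(end - now))
    for t in send_times:
        throttle.attempt(sender, t)
    return events[0] if events else None

# Constructed input: a burst at window start vs. a sender that crosses the
# limit one minute before the window ends.
burst = list(range(0, 101))                        # 101 messages in 101 seconds
slow = [0] + [i * 72 for i in range(1, 100)] + [WINDOW - 60]
```

With these inputs the burst sender stays blocked for 7100 seconds after the flag and the slow sender for only 60, so the quota alone does not contain a compromised account; the abuse event is what a follow-up action has to key on.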
