Loading ...
Sorry, an error occurred while loading the content.
 

Re: OT: Re: anvil stats/restictions based on SASL username?

Expand Messages
  • brian moore
    On Wed, 27 Oct 2010 10:32:28 +0900 (JST) ... It s what I see almost every time a user gives out their passwords in a vain attempt to win some mysterious
    Message 1 of 6 , Oct 27, 2010
      On Wed, 27 Oct 2010 10:32:28 +0900 (JST)
      Tomoyuki Murakami <tomoyuki@...> wrote:

      > I'm little bit amazing to hear about the real-existing AUTHing bot.
      > I think we must prepare for SPAM originating bots, but relayed
      > through legitimate (compared to direct from bot PCs ) MTAs.

      It's what I see almost every time a user gives out their passwords
      in a vain attempt to win some mysterious lottery. The other case
      is abusing whatever webmail package is used.

      What I used on one of the providers here is 'policyd',
      available at policyd.org. It works well, though it has hit a few
      users on legitimate mail (we have, for example, a local 'arts'
      theater that sends out announcements).

      These 'special cases' have been resolved by excluding them from
      the counts after they promise to not send their password to Nigeria.

      (They have -always- understood when we explained it to them: they
      understand that other users doing stupid things can interfere with
      -their- mail, and are glad to see steps taken to protect their mail.)

      The advantage of policyd is that you can make exceptions easily
      enough. Keeping rate limits low is good for stopping spam fast, but
      there will always be some sort of exceptional case where someone
      may legitimately need to send more than X pieces of mail in an hour.
    Your message has been successfully submitted and would be delivered to recipients shortly.