Loading ...
Sorry, an error occurred while loading the content.

Decrease the Postfix connection speed

Expand Messages
  • Alfredo Saldanha
    Hi there, Is possible to decrease the postfix connection speed in case of possible spam? Per number of connections or messages per second come from a specific
    Message 1 of 12 , May 8, 2014
    • 0 Attachment
      Hi there,

      Is possible to decrease the postfix connection speed in case of possible spam?
      Per number of connections or messages per second come from a specific IP?

      BR,

      Jr.
    • lists@rhsoft.net
      ... anvil_rate_time_unit = 1800s smtpd_client_connection_rate_limit = 50 smtpd_client_recipient_rate_limit
      Message 2 of 12 , May 8, 2014
      • 0 Attachment
        Am 08.05.2014 16:09, schrieb Alfredo Saldanha:
        > Is possible to decrease the postfix connection speed in case of possible spam?
        > Per number of connections or messages per second come from a specific IP?

        anvil_rate_time_unit = 1800s
        smtpd_client_connection_rate_limit = 50
        smtpd_client_recipient_rate_limit = 400
        smtpd_recipient_limit = 100
      • Alfredo Saldanha
        Thanks, I ll check this setup. Junix ... anvil_rate_time_unit = 1800s smtpd_client_connection_rate_limit = 50 smtpd_client_recipient_rate_limit = 400
        Message 3 of 12 , May 8, 2014
        • 0 Attachment
          Thanks,

          I'll check this setup.

          Junix


          Am 08.05.2014 16:09, schrieb Alfredo Saldanha:
          > Is possible to decrease the postfix connection speed in case of possible spam?
          > Per number of connections or messages per second come from a specific IP?

          anvil_rate_time_unit = 1800s
          smtpd_client_connection_rate_limit = 50
          smtpd_client_recipient_rate_limit = 400
          smtpd_recipient_limit = 100
        • Alfredo Saldanha
          When the documentation says: IMPORTANT: These limits must not be used to regulate legitimate traffic: mail will suffer grotesque delays if you do so. The
          Message 4 of 12 , May 8, 2014
          • 0 Attachment
            When the documentation says:
            "IMPORTANT: These limits must not be used to regulate legitimate traffic: mail will suffer grotesque delays if you do so. The limits are designed to protect the smtpd(8) server against abuse by out-of-control clients."

            How long is this "grotesque delays" ?

            Because the idea is not reject or discard the message.


            Am 08.05.2014 16:09, schrieb Alfredo Saldanha:
            > Is possible to decrease the postfix connection speed in case of possible spam?
            > Per number of connections or messages per second come from a specific IP?

            anvil_rate_time_unit = 1800s
            smtpd_client_connection_rate_limit = 50
            smtpd_client_recipient_rate_limit = 400
            smtpd_recipient_limit = 100
          • lists@rhsoft.net
            ... you need to adjust this to your mail-flow the values below are active for more than a year on a production server with 160 mail-domains where bulk mail is
            Message 5 of 12 , May 8, 2014
            • 0 Attachment
              Am 08.05.2014 17:26, schrieb Alfredo Saldanha:
              > When the documentation says:
              > "IMPORTANT: These limits must not be used to regulate legitimate traffic: mail will suffer grotesque delays if you do so. The limits are designed to protect the smtpd(8) server against abuse by out-of-control clients."
              >
              > How long is this "grotesque delays" ?
              > Because the idea is not reject or discard the message.

              you need to adjust this to your mail-flow

              the values below are active for more than a year on a production
              server with 160 mail-domains where bulk mail is prohibited in
              general because if somebody needs newsletter systems this is
              done here on a own application server with his own MTA and IP

              > Am 08.05.2014 16:09, schrieb Alfredo Saldanha:
              >> Is possible to decrease the postfix connection speed in case of possible spam?
              >> Per number of connections or messages per second come from a specific IP?
              >
              > anvil_rate_time_unit = 1800s
              > smtpd_client_connection_rate_limit = 50
              > smtpd_client_recipient_rate_limit = 400
              > smtpd_recipient_limit = 100
            • Wietse Venema
              ... As documented these features must not be used to control the flow of LEGITIMATE email. Wietse
              Message 6 of 12 , May 8, 2014
              • 0 Attachment
                Alfredo Saldanha:
                > When the documentation says:
                > "IMPORTANT: These limits must not be used to regulate legitimate
                > traffic: mail will suffer grotesque delays if you do so. The limits
                > are designed to protect the smtpd(8) server against abuse by
                > out-of-control clients."

                As documented these features must not be used to control the
                flow of LEGITIMATE email.

                Wietse
              • Alfredo Saldanha
                OK, Legitimate email is the normal authenticated users, newsletter, or something else, I suppose. I d like to put a delay in internal spammers cases. Because I
                Message 7 of 12 , May 8, 2014
                • 0 Attachment
                  OK,

                  Legitimate email is the normal authenticated users, newsletter, or something else, I suppose.
                  I'd like to put a delay in internal spammers cases.
                  Because I have today "customers" that pay to send 3 thousand spams per day.
                  The idea is let the authenticated user send 300 messages per hour in maximum 3K per 24h.
                  This is in company contract, out of this, I need to increase the delay time to don't punish the regular customers.

                  I'm curious And the grotesque delay time? How long?

                  > When the documentation says:
                  > "IMPORTANT: These limits must not be used to regulate legitimate
                  > traffic: mail will suffer grotesque delays if you do so. The limits
                  > are designed to protect the smtpd(8) server against abuse by
                  > out-of-control clients."

                  As documented these features must not be used to control the
                  flow of LEGITIMATE email.

                  Wietse
                • Viktor Dukhovni
                  ... Legitimate mail here means *inbound* mail to your MX hosts, from remote sites, that is not known or strongly suspected to be spam. ... You can apply
                  Message 8 of 12 , May 8, 2014
                  • 0 Attachment
                    On Thu, May 08, 2014 at 12:59:03PM -0300, Alfredo Saldanha wrote:

                    > Legitimate email is the normal authenticated users, newsletter, or something else, I suppose.

                    Legitimate mail here means *inbound* mail to your MX hosts, from
                    remote sites, that is not known or strongly suspected to be spam.

                    > I'd like to put a delay in internal spammers cases.

                    You can apply whatever rate limits you want to *outbound* mail.

                    > Because I have today "customers" that pay to send 3 thousand spams per day.

                    If your customers are spamming, and you don't terminate their
                    access, then you're spamming.

                    --
                    Viktor.
                  • lists@rhsoft.net
                    *please* get rid of reply-all on mailing-lists ... if your customers pay to send 3 thousand spams per day please tell us your IP to blacklist it ... you can
                    Message 9 of 12 , May 8, 2014
                    • 0 Attachment
                      *please* get rid of reply-all on mailing-lists

                      Am 08.05.2014 17:59, schrieb Alfredo Saldanha:
                      > Legitimate email is the normal authenticated users, newsletter, or something else, I suppose.
                      > I'd like to put a delay in internal spammers cases.
                      > Because I have today "customers" that pay to send 3 thousand spams per day

                      if your customers pay to send 3 thousand spams per day
                      please tell us your IP to blacklist it

                      > The idea is let the authenticated user send 300 messages per hour in maximum 3K per 24h.
                      > This is in company contract, out of this, I need to increase the delay time to don't punish the regular customers.

                      you can use 'smtpd_client_connection_rate_limit', 'smtpd_client_recipient_rate_limit'
                      and 'smtpd_recipient_limit' with different values for each listeners in master.cf

                      the rest is math

                      >> When the documentation says:
                      >> "IMPORTANT: These limits must not be used to regulate legitimate
                      >> traffic: mail will suffer grotesque delays if you do so. The limits
                      >> are designed to protect the smtpd(8) server against abuse by
                      >> out-of-control clients."
                      >
                      > As documented these features must not be used to control the
                      > flow of LEGITIMATE email.
                    • Alfredo Saldanha
                      Hi Viktor, Sorry my ignorance, but this is not inbound messages. This configuration is only to my MSAs servers. Our customers are not spammers, in these cases,
                      Message 10 of 12 , May 8, 2014
                      • 0 Attachment
                        Hi Viktor,

                        Sorry my ignorance, but this is not inbound messages.
                        This configuration is only to my MSAs servers.

                        Our customers are not spammers, in these cases, we block the user and break the contract, of course.
                        But is not dificult to comes another spammer, because of this I'm trying to configurate this actions.

                        Thank you.

                        ----- Mensagem original -----
                        De: "Viktor Dukhovni" <postfix-users@...>
                        Para: postfix-users@...
                        Enviadas: Quinta-feira, 8 de maio de 2014 13:10:10
                        Assunto: Re: Decrease the Postfix connection speed

                        On Thu, May 08, 2014 at 12:59:03PM -0300, Alfredo Saldanha wrote:

                        > Legitimate email is the normal authenticated users, newsletter, or something else, I suppose.

                        Legitimate mail here means *inbound* mail to your MX hosts, from
                        remote sites, that is not known or strongly suspected to be spam.

                        > I'd like to put a delay in internal spammers cases.

                        You can apply whatever rate limits you want to *outbound* mail.

                        > Because I have today "customers" that pay to send 3 thousand spams per day.

                        If your customers are spamming, and you don't terminate their
                        access, then you're spamming.

                        --
                        Viktor.
                      • Alfredo Saldanha
                        Sorry my english. But I mean that they try to do this, but we don t allow, of course. Thank you for your information. ... De: lists@rhsoft.net Para:
                        Message 11 of 12 , May 8, 2014
                        • 0 Attachment
                          Sorry my english.
                          But I mean that they try to do this, but we don't allow, of course.

                          Thank you for your information.

                          ----- Mensagem original -----
                          De: lists@...
                          Para: postfix-users@...
                          Enviadas: Quinta-feira, 8 de maio de 2014 13:11:37
                          Assunto: Re: Decrease the Postfix connection speed

                          *please* get rid of reply-all on mailing-lists

                          Am 08.05.2014 17:59, schrieb Alfredo Saldanha:
                          > Legitimate email is the normal authenticated users, newsletter, or something else, I suppose.
                          > I'd like to put a delay in internal spammers cases.
                          > Because I have today "customers" that pay to send 3 thousand spams per day

                          if your customers pay to send 3 thousand spams per day
                          please tell us your IP to blacklist it

                          > The idea is let the authenticated user send 300 messages per hour in maximum 3K per 24h.
                          > This is in company contract, out of this, I need to increase the delay time to don't punish the regular customers.

                          you can use 'smtpd_client_connection_rate_limit', 'smtpd_client_recipient_rate_limit'
                          and 'smtpd_recipient_limit' with different values for each listeners in master.cf

                          the rest is math

                          >> When the documentation says:
                          >> "IMPORTANT: These limits must not be used to regulate legitimate
                          >> traffic: mail will suffer grotesque delays if you do so. The limits
                          >> are designed to protect the smtpd(8) server against abuse by
                          >> out-of-control clients."
                          >
                          > As documented these features must not be used to control the
                          > flow of LEGITIMATE email.
                        • Noel Jones
                          ... Use a policy service such as postfwd to set hourly quotas for your users. http://www.postfix.org/addon.html#policy http://postfwd.org/ -- Noel Jones
                          Message 12 of 12 , May 8, 2014
                          • 0 Attachment
                            On 5/8/2014 11:26 AM, Alfredo Saldanha wrote:
                            > Sorry my english.
                            > But I mean that they try to do this, but we don't allow, of course.
                            >
                            > Thank you for your information.
                            >

                            Use a policy service such as postfwd to set hourly quotas for your
                            users.
                            http://www.postfix.org/addon.html#policy
                            http://postfwd.org/



                            -- Noel Jones
                          Your message has been successfully submitted and would be delivered to recipients shortly.