limiting damage done by a compromised account

Ken A ka at pacific.net
Mon Jan 24 20:24:48 GMT 2011


+1 on milter-limit.

It's free, easy to use, and can simply quarantine > x messages per day 
from any sender or relay.

With quarantine, the mail is there for later inspection and possible 
whitelisting - if a certain sender needs to send a lot of mail. The 
sender might only notice a delay.

Simple rules go into your access list:

# exceptions
milter-limit-From:sales@somewhere.not  5000/1d
# default
milter-limit-From: 500/1d

Ken


On 1/24/2011 12:02 PM, Stephen Swaney wrote:
> Sean,
>
> take a look at rate-limiting by Anthony Howe of Snertsoft. I quote below from:
>
> http://www.snertsoft.com/sendmail/milter-limit/
>
> This Sendmail mail filter aims to limit the number of messages by connecting client IP, sender, or recipient. It's intended to be a utility milter to control the flow of mail. It could be used on the outbound side like Hotmail's daily message limits to limit local user's consumption (particularly if they appear to be infected by a mass mailing worm); it could be used inbound as an alternative to grey-listing. It could be enabled and disabled as needed during periods of peak Internet activity such as during a virus outbreak or spam holiday season.
>
> It’s free.
>
> Our commercial products BarricadeMX and BarricadeMX Plus include a rate-limiting milter-limit feature and:
>
> ----------------------
>
> smtp-strict-relay: (on or off)
>
> Only allow outbound messages from our specified relays and where the sender is from one of the domains we route email from.
> ----------------------
>
> rate-throttle=(no of seconds, default = 30)
>
> # Overall client connections per second allowed before imposing a
> # one second delay. Specify zero (0) to disable.
> ----------------------
>
> Concurrent-Connect:ip
> Concurrent-Connect:domain
>
> This is used to specify the maximum number of concurrent connections an SMTP client is permitted at any one time. Specify an integer or zero (0) to disable. The bare tag can be used to specify a global setting. If an SMTP client exceeds the allotted number of connections, then the incoming connection is dropped, while existing connections continue.
> ----------------------
>
> Msg-Limit-Connect:ip
> Msg-Limit-Connect:domain
> Msg-Limit-From:mail
> Msg-Limit-To:mail
>
> Used to limit the number of messages an SMTP client, sender, or recipient can send/receive in a given time period. A message limit is given as:
> messages '/' time [unit]
>
> which is the number of messages per time interval. The time unit specifier can be one of week, day, hour, minute, or seconds (note only the first letter is significant). A negative number for messages will disable any limit.
> ----------------------
>
> Please contact me off list if you need more information.
>
> Steve

-- 
Ken Anderson
Pacific Internet - http://www.pacific.net
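
The limit format quoted above (messages '/' time [unit], first letter of the unit significant, negative count disables) together with the exception/default lookup from the access list, as an added Python sketch. It is not milter-limit or BarricadeMX code; the sliding window, seconds as the unit when none is given, the "" key standing for the bare default tag, lower-casing of senders and the example.test addresses are assumptions made for this illustration.

```python
import re
from collections import defaultdict, deque

UNIT_SECONDS = {"w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1}
SPEC = re.compile(r"\s*(-?\d+)\s*/\s*(\d+)\s*([A-Za-z]*)\s*")

def parse_limit(spec):
    """Parse "messages/time[unit]" into (max_messages, window_seconds).
    Returns None when the message count is negative (limit disabled)."""
    m = SPEC.fullmatch(spec)
    if not m:
        raise ValueError(f"bad limit spec: {spec!r}")
    count, interval = int(m.group(1)), int(m.group(2))
    unit = m.group(3)[:1].lower() or "s"  # assumption: no unit means seconds
    if unit not in UNIT_SECONDS or interval == 0:
        raise ValueError(f"bad interval in limit spec: {spec!r}")
    return None if count < 0 else (count, interval * UNIT_SECONDS[unit])

class SenderLimiter:
    """Per-sender counter; rules map a sender (or "" for the default) to a spec."""
    def __init__(self, rules):
        self.rules = {k.lower(): parse_limit(v) for k, v in rules.items()}
        self.seen = defaultdict(deque)  # sender -> timestamps inside the window

    def check(self, sender, now):
        sender = sender.lower()
        limit = self.rules.get(sender, self.rules.get(""))
        if limit is None:  # disabled for this sender, or no rule at all
            return "accept"
        max_msgs, window = limit
        q = self.seen[sender]
        while q and q[0] <= now - window:  # forget messages older than the window
            q.popleft()
        q.append(now)  # every attempt counts, so a flood stays quarantined
        return "quarantine" if len(q) > max_msgs else "accept"

def demo():
    # Constructed rules and timestamps (seconds); not taken from a real log.
    lim = SenderLimiter({"sales@example.test": "5/1d", "": "3/1m"})
    times = (0, 10, 20, 30, 95)
    user = [lim.check("user@example.test", t) for t in times]
    sales = [lim.check("Sales@example.test", t) for t in times]
    return user, sales

if __name__ == "__main__":
    print(demo())
```

Because quarantined attempts still count toward the window, a compromised account that keeps sending stays over its limit until the flood stops, while a sender with an exception rule is judged against its own higher limit.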

