<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#333333">
Im running mail server for ISP. We use separate server for incoming and
outgoing mail server and postfix as our MTA.<br>
<br>
We set our outgoing MTA with following restriction when they are not
authenticated : <br>
<ol>
<li class="level1">
<div class="li"> Within 10 minutes , client can make 20 connection
to our server </div>
</li>
<li class="level1">
<div class="li"> Within 10 minutes , user can send email(s) with a
maximum of 150 recipients.</div>
</li>
<li class="level1">
<div class="li"> In 1 connection, user can include up to 150
recipients.</div>
</li>
</ol>
When user hit this limit we give them SMTP error with link to a website
which show them <br>
what this error message means and instruction on how to setup smtp auth
if they want to send large quantity of email. <br>
<br>
Authenticated user have far less restriction compared to non
authenticated user. <br>
<br>
All outgoing mail scanned by MailScanner with customized SA rules. <br>
Basically we disable all RBL based check and few rules that trigger
false positive.<br>
Increase URIBL / SURBL scoring so it reach high scoring spam &
increase razor score.<br>
<br>
We use MailWatch to log email transaction details to MySQL database and
we create <br>
a script to find IP addresses that send more than 5 spam/virus in 30
minutes. <br>
We blacklist these offender at SMTP level for 2 hour. <br>
<br>
The SMTP rejection error message contain URL asking them to go our spam
report website.<br>
When user go to this website, we get their origin IP address and
provide them explanation on why they get blacklisted, <br>
status if they are still on the blacklist, and also a list of
Spam/Virus originated from their IP adress in the last 24 hour. <br>
They can request immediate removal ( maximum 3 times before 24 hour ban
). <br>
<br>
If user continuously spamming/sending virus for 7 days we generate
email threatening to lock their DSL/dialup account they dont stop. <br>
User that continuously spamming/sending virus for 1 week after we sent
the letter will get lock. <br>
<br>
<br>
<br>
Regards,<br>
Rianto Wahyudi<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
</body>
</html>