On Fri, Mar 11, 2011 at 12:29:00PM -0300, Lauro Costa G. Borges wrote:

>>> I'm trying to limit how many messages can be sent to a recipient.
>>
>> - A specific set of recipients or as a general rule?
>
>  A general rule.
>
>> - Per sender, or across the entire MTA?
>
>  The entire MTA.
>
>> - Why?
>
> Some company systems send email when something is wrong. Some of our users 
> have .forward which sends a copy of messages arriving to their company 
> e-mail to an external e-mail, such as GMail. This gets our smtp-out server 
> temporarily blocked on some external mail servers.

Thanks, now it is very clear. For this we have internally developed a
policy service (running on the internal MSAs) called "flood-stopper". It
looks for streams of email from a sender to a fixed set of recipients;
when the same envelope is seen repeatedly (multiple thresholds over
progressively longer times to catch both quick bursts and slow, but
steady surges) the policy service returns a "HOLD" verdict, and further
mail for the same sender + recipients is placed in the HOLD queue.

A notification is sent to the support team when a new flood is detected,
and no recent notices of the same sort have been sent. The support team
has tools to sort through the hold queue and delete floods sent by
poorly designed applications that send repeated email notices instead
of logging and sending one consolidated email alert.

So you need a policy service that detects both Achilles and Tortoise
mail floods, shunts the mail into the HOLD queue, and notifies your
team that they should at some point drain the cesspool: delete
junk, and release any false positives.

-- 
        Viktor.
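
A minimal sketch of the kind of policy service described in the message above, as an added example (it is not the "flood-stopper" code, which the thread does not show). It speaks the Postfix policy delegation format (name=value lines ended by a blank line, answered with action=...); the thresholds, the notice interval, all class and function names, and keying on one sender + recipient pair per request are assumptions.

```python
import time
from collections import defaultdict, deque

# Assumed thresholds (not from the post): (window seconds, max messages).
# The short window catches quick bursts, the long ones slow but steady surges.
THRESHOLDS = [(60, 10), (3600, 60), (86400, 200)]
NOTIFY_INTERVAL = 3600  # assumed: at most one notice per flood per hour

class FloodStopper:
    def __init__(self, thresholds=THRESHOLDS, notify_interval=NOTIFY_INTERVAL):
        self.thresholds = sorted(thresholds)
        self.notify_interval = notify_interval
        self.seen = defaultdict(deque)  # (sender, recipient) -> timestamps
        self.last_notice = {}           # (sender, recipient) -> last notice time
        self.notices = []               # stand-in for mailing the support team

    def check(self, sender, recipient, now=None):
        now = time.time() if now is None else now
        key = (sender.lower(), recipient.lower())
        stamps = self.seen[key]
        stamps.append(now)
        longest = self.thresholds[-1][0]
        while stamps and stamps[0] <= now - longest:
            stamps.popleft()            # forget mail older than the longest window
        for window, limit in self.thresholds:
            count = sum(1 for t in stamps if t > now - window)
            if count > limit:
                last = self.last_notice.get(key, float("-inf"))
                if now - last >= self.notify_interval:
                    self.last_notice[key] = now
                    self.notices.append((key, window, count))
                return "HOLD"           # Postfix places the message in the hold queue
        return "DUNNO"                  # no opinion, later restrictions decide

def parse_request(text):
    """Parse one policy request: name=value lines ended by a blank line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def handle(stopper, request_text, now=None):
    """Turn one policy request into the reply Postfix expects."""
    attrs = parse_request(request_text)
    verdict = stopper.check(attrs.get("sender", ""), attrs.get("recipient", ""), now)
    return f"action={verdict}\n\n"
```
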
