On Thu, Mar 31, 2011 at 07:51:43PM +0200, Ralf Hildebrandt wrote:
> > Are there any suggestions on how to tune postfix to limit the spam
> > throughput?
> > There are also legitimate users who have bulk email to send, so
> > limiting by recipient quantity (as we do on our webmail) wouldn't be
> > desirable.
>
> You probably need a policy server which limits the sender to a certain
> amount of mails per time unit. If that limit is being exceeded, you
> could either tempfail the mails until some human admin lifts the ban
> OR put the mails on hold.

Sounds reasonable. We have something like +200K mail accounts, and really, only something like a dozen users told us they want to send mass mail (well, not spam but "legitimate" mail); all the others seem to be sending "some" mails sometimes. So it can be a good rule that most people won't send even 100 mails per hour "by hand", and if this limit is exceeded then it can be some kind of non-reported mass mail sending (we can ask our customers to tell us if they want to send more mails, so the limit for a user can be set to a higher value), or some compromised account.

Especially, I found it useful to check the IP of the peer: if it's not our own IP address space, and not even some other big ISPs nearby, it's almost always spam. It's quite rare that compromised user accounts are used to send spam from our IP pool (it's another story that some customers have MTAs using us as a relay, but they forget their MTAs as open relays ...)

- Gábor
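
Added example, not part of the original thread: the decision logic of a Postfix policy service that applies the per-sender hourly limit discussed above, with a ban that stays until an admin lifts it and a choice between tempfail (DEFER_IF_PERMIT) and HOLD. It assumes the service is called once per message (for example from smtpd_end_of_data_restrictions); the class, the function names and the override table are hypothetical.

```python
import time
from collections import defaultdict, deque

WINDOW = 3600        # seconds, i.e. "per hour"
DEFAULT_LIMIT = 100  # the 100 mails/hour figure from the message above
# Assumption: accounts that announced bulk sending get a higher limit.
OVERRIDES = {"newsletter@example.com": 5000}

class SenderRateLimiter:
    def __init__(self, action="DEFER_IF_PERMIT"):
        self.action = action            # or "HOLD" to park mail in the hold queue
        self.sent = defaultdict(deque)  # account -> timestamps of accepted mails
        self.banned = set()             # stays set until lift_ban() is called

    def lift_ban(self, account):
        """Manual admin step: clear the ban and the account's history."""
        self.banned.discard(account)
        self.sent[account].clear()

    def check(self, attrs, now=None):
        now = time.time() if now is None else now
        # Key on the authenticated login; fall back to the envelope sender.
        account = attrs.get("sasl_username") or attrs.get("sender", "")
        if not account:
            return "DUNNO"
        q = self.sent[account]
        while q and q[0] <= now - WINDOW:   # drop entries outside the window
            q.popleft()
        if account not in self.banned and len(q) < OVERRIDES.get(account, DEFAULT_LIMIT):
            q.append(now)
            return "DUNNO"                  # let later restrictions decide
        self.banned.add(account)
        return f"{self.action} sending limit exceeded, contact support"

def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def format_reply(action):
    """Policy replies are a single action= line followed by an empty line."""
    return f"action={action}\n\n"
```

In production the counters and the ban list would live in shared storage so that every smtpd process sees the same state.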