On 19.02.2019 at 12:23, Christos Chatzaras wrote:
We wrote a shell script that runs hourly and notifies us of SASL
authentications with IPs from at least 2 different countries in the
previous hour.  In the future we plan to automatically change the
password if SASL authentications are from 3 different countries.  This
catches most of the hacked e-mail accounts.

Also we use Postfix relays with Rspamd checking the From header (we don't
allow users to spoof From address) and doing rate limits (500 e-mails /
hour).  If someone tries to send more e-mails, then the extra e-mails go
to queue for later delivery.  So we have some time to manually check.

On 19.02.19 15:20, Admin Beckspaced wrote:
so I might want to look into rate limits.
Have not looked into rspamd as I'm running postfix with amavis-new and spamassassin
Is rspamd compatible with amavis-new?

They mostly do the same. Looking at its docs, it has the same problem when scanning outgoing mail:
http://rspamd.com/doc/tutorials/scanning_outbound.html
- scanning outgoing mail is much harder than incoming, because most of it
lacks common spam signs (and that's why spammers do this)

However, the rate limiting seems like it could help much, as long as other rate
limiting tricks and other techniques mentioned in this thread.

Unfortunately I have already encountered a case where an account was used for
spreading spam, too slowly to notice, where rate limiting wouldn't (I think it
didn't) help.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Windows found: (R)emove, (E)rase, (D)elete
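
The hourly check described in the first message of this thread, as an added example that is not any poster's script: it counts distinct countries per SASL username in Postfix smtpd log lines from the previous hour. The log lines, the `GEO_TABLE` address-to-country table (standing in for a GeoIP lookup), `NOW` and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed stand-in for a GeoIP database (assumption): documentation-range
# networks mapped to arbitrary country codes. Replace with a real lookup.
GEO_TABLE = {
    ipaddress.ip_network("192.0.2.0/24"): "GR",
    ipaddress.ip_network("198.51.100.0/24"): "DE",
    ipaddress.ip_network("203.0.113.0/24"): "BR",
}
# Postfix smtpd logs "client=host[ip], sasl_method=..., sasl_username=..."
SASL_RE = re.compile(r"client=\S*?\[([0-9A-Fa-f:.]+)\].*\bsasl_username=(\S+)")
# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = """\
Feb 19 11:05:10 mx postfix/smtpd[2101]: 4A1B2C3D: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=alice@example.com
Feb 19 11:20:44 mx postfix/smtpd[2107]: 4A1B2C4E: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice@example.com
Feb 19 11:31:02 mx postfix/smtpd[2110]: 4A1B2C5F: client=unknown[198.51.100.3], sasl_method=PLAIN, sasl_username=bob@example.com
Feb 19 10:15:00 mx postfix/smtpd[2050]: 4A1B2B11: client=unknown[203.0.113.9], sasl_method=PLAIN, sasl_username=bob@example.com
Feb 19 11:40:00 mx postfix/smtpd[2115]: 4A1B2C70: client=unknown[198.51.100.8], sasl_method=PLAIN, sasl_username=bob@example.com
""".splitlines()
NOW = datetime(2019, 2, 19, 12, 0, 0)  # constructed time of the hourly run

def country_of(ip):
    """Return the country code for ip, or None if unknown or malformed."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    return next((cc for net, cc in GEO_TABLE.items()
                 if addr.version == net.version and addr in net), None)

def flag_accounts(lines, now, window=timedelta(hours=1), threshold=2):
    """Return {username: sorted countries} for accounts at or over threshold."""
    seen = defaultdict(set)
    for line in lines:
        m = SASL_RE.search(line)
        if not m:
            continue
        # Syslog timestamps carry no year; assume the year of `now`.
        ts = datetime.strptime(f"{now.year} {line[:15]}", "%Y %b %d %H:%M:%S")
        if not now - window <= ts < now:
            continue
        cc = country_of(m.group(1))
        if cc:  # addresses without a country are not counted
            seen[m.group(2).lower()].add(cc)
    return {u: sorted(c) for u, c in seen.items() if len(c) >= threshold}

if __name__ == "__main__":
    print(flag_accounts(SAMPLE_LOG, NOW))
```

With `threshold=3` the same function gives the set of accounts for the planned automatic password change.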
