On 16.01.20 17:48, Daniel Ryšlink wrote:
As someone already mentioned, that's what the Postfix limits are for,
namely
smtpd_recipient_limit
smtpd_client_recipient_rate_limit
smtpd_client_connection_rate_limit
smtpd_client_message_rate_limit
smtpd_soft_error_limit
smtpd_hard_error_limit
Even if it is a "spammer sending slowly", there will be still
characteristics that will make it possible to identify the incident
automatically - suddenly unusual number of unique recipients, unusual
number of errors, etc. The automatic solution allows you to cull the
spam wave as it happen, potentially limiting the impact.
unfortunately, I have meet spam attach where spammer was sending too slowly
to notice, not hitting any of those limits.
It was slower than ordinary users of said server, who ocasionally send
more mail and faster.
If you
reactively, manually start to look for a problem because your queue
suddenly starts filling up because you have been blacklisted
downstream for forwarding spam, the damage was already done and you
will have to suffer the consequences for some time (legitimate mail of
your users will be rejected).
And if a queue is filled with spam from a hacked account, then it's
IMO proper to delete all the queued mail from that account via
postsuper -d - the user compromised his/her auth information somehow,
so he/she cannot expect any of his/her mail to be delivered, and
millions of bounces won't help anything anyway.
This thread discusses different problem that can have different solution.
let's not mix all kind of problems with all kinds of ssolutions.
On 15 Jan 2020, at 15:12, Noel Jones <njo...@megan.vbhcs.org> wrote:
We've had problems with users mistyping domain names, such as
hotmal.com or aoil.com. And they ignore the delay warning
message because they still don't notice their typo.
Citát "@lbutlr" <krem...@kreme.com>:
Then they get the bounce when the max queue expires.
The messages in the queue are not hurting anything and unless
there are millions and millions of them, they are not worth
manually handling (nor adding custom transport maps to “fix”
user’s tyops).
On 16. 01. 20 8:02, azu...@pobox.sk wrote:
I don't agree with this. Yes, technically it isn't a problem but we
(and for sure not alone) are using message queue size as a sign of a
problem - if there are much more messages then usual, our monitoring
software is notifying us. In most cases it is a sign of hacked
account which is spamming - in about 50% of such cases, spammers are
sending spam very slowly, so you cannot simply note it, that's why
we monitor it. And that's why it is a problem when there are lots of
messages which you cannot get rid of by any means.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."