RE: [qmailtoaster] Request for ideas: limiting outbound traffic

2015-10-25 Thread Rajesh M 
dan

pl see attached script which i modified based on some script i found online
http://serverfault.com/questions/538233/qmail-limit-number-of-emails-sent-by-user-or-domain-per-hour

it scans /var/log/maillog lines for the words smtp and submission, login 
success -- ie authenticated logins

it calculates the number of logins which exceeds specified limit per day

details are entered in a blacklist file and also email is sent to administrator

it can also change the users password automatically if the limit is violated

you can also add exclusions

you can cron this every 2-3 minutes

also maillog by default rotates every week which can be reduced to 1 day so 
that the script can run faster.

it works for me but please check out for yourself before you use it.

once you test out kindly share your reviews so that others can benefit

NOTE

i am NOT A PROGRAMMER.
basically i did some googling and got this working

all credits to some guy who first posted it here
http://serverfault.com/questions/538233/qmail-limit-number-of-emails-sent-by-user-or-domain-per-hour


rajesh

- Original Message -
From: Dan McAllister [mailto:q...@it4soho.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Tue, 20 Oct 2015 10:29:23 -0400
Subject: [qmailtoaster] Request for ideas: limiting outbound traffic

Greetings QMT faithful.

I have an issue I'd like to throw out there -- I have a small number of
users (on a server with about 20,000 users) that are abusing the service
in that they're purposefully sending out huge amounts of mail.

Fortunately, so far none of their email campaigns have resulted in any
RBL activity, but nearly every large-scale ESP (Email Service Provider)
has limits set on the number of outbound messages per day (or per hour)
that can be sent. I think we need the ability to enforce that too, but how?

Ideas?

Thanks in advance

Dan McAllister
IT4SOHO

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com


#!/bin/sh
#
#This script limits the number of smtp or submission logins per user per day, 
basically limiting the number of emails per day. 
#If limit is exceed then user's password can be change automatically
# email can be sent to administrator
#blacklisted domains are listed in a blacklist file
#specific trusted email ids can be exluded


MAILLOG="/var/log/maillog"
MAX_LOGINS_ALLOWED=200
ID_SERVER="ID_SERVER"
CONTACT=host...@indiannic.com
BLACK_LIST=/var/www/html/webdata/blacklist
VUSERINFO="/home/vpopmail/bin/vuserinfo"
VPASSWD="/home/vpopmail/bin/vpasswd"
EXCLUDE="us...@abc.com\|us...@pqr.com\|us...@xyz.com"
AUX=$(mktemp)

echo "$(date) qmail-antispam : Checking logs"

echo $EXCLUDE

function LstUsers
{
grep "$(date +"%b %d")" $MAILLOG | grep -v $EXCLUDE | grep 'submission:\|smtp:' 
| grep success | awk -Fsuccess {'print $2'} |awk -F: {'print $1'} | sort | uniq 
-c | sort -n | awk {'print $1"|"$2'}
}

LstUsers >$AUX

#cat $AUX

for i in $(cat $AUX); do

logins_qty=$(echo $i | awk -F\| {'print $1'})
user=$(echo $i | awk -F\| {'print $2'})

if [ $logins_qty -gt $MAX_LOGINS_ALLOWED ]; then

#echo "$(date) Authentication Limits Exceeded: $user"
#echo "$(date) Check if $user is suspended"

if [ "$(cat $BLACK_LIST | grep "$(date +"%b %d %Y")" | grep $user)" == 
"" ]; then
#echo "$(date) qmail-antispam : Suspending the user: $user Logins 
qty: $logins_qty Maximum_Permitted: $MAX_LOGINS_ALLOWED" >> $MAILLOG
password_captured=$($VUSERINFO $user | grep "clear passwd" | awk 
-F: {'print $2'})

 THIS LINE ENTERS DETAILS OF USERS EXCEEDING LIMITS IN BLACKLIST 
FILE

echo "$(date +"%b %d %Y")" $user $password_captured $logins_qty 
>>$BLACK_LIST

### THIS SENDS EMAIL

echo -e "Dated: $(date) \nUser: $user \nPassword: 
$password_captured \nLogins qty: $logins_qty" | mail -s "Notice of spam 
$ID_SERVER" "$CONTACT"

### CHANGES PASSWORD IF UNCOMMENTED
#$VPASSWD $user -r

fi

fi

done

echo "$(date) qmail-antispam : Finished Checking"
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Request for ideas: limiting outbound traffic

2015-10-21 Thread Bharath Chari 

On 10/20/2015 06:07 PM, Angus McIntyre wrote:


On Oct 20, 2015, at 10:29 AM, Dan McAllister > wrote:
I have an issue I'd like to throw out there -- I have a small number 
of users (on a server with about 20,000 users) that are abusing the 
service in that they're purposefully sending out huge amounts of mail.


Fortunately, so far none of their email campaigns have resulted in 
any RBL activity, but nearly every large-scale ESP (Email Service 
Provider) has limits set on the number of outbound messages per day 
(or per hour) that can be sent. I think we need the ability to 
enforce that too, but how?


Scanning the outbound logs would tell you when they’re exceeding their 
quota.


The brute-force solution then be to have a script that scanned the 
outbound logs, counted the number of mails sent, and then changed 
their password if it exceeded the limits. They’d then be shut out, and 
they’d have to ask you to restore their account. The script could also 
generate a warning mail to them.


That ought to be fairly straightforward to implement, but it’s not 
very clean.


I’ve come across references to Bruce Guenter’s qmail-qfilter:

http://untroubled.org/qmail-qfilter/

which sounds as if it might provide a basis for what you want to do. 
However, I have no experience with this, and no idea whether it’s 
something supported by an un-patched qmailtoaster install.


Angus


Found this link that suggests a similar method:

http://serverfault.com/questions/538233/qmail-limit-number-of-emails-sent-by-user-or-domain-per-hour

Bharath

[qmailtoaster] Request for ideas: limiting outbound traffic

2015-10-20 Thread Dan McAllister 

Greetings QMT faithful.

I have an issue I'd like to throw out there -- I have a small number of 
users (on a server with about 20,000 users) that are abusing the service 
in that they're purposefully sending out huge amounts of mail.


Fortunately, so far none of their email campaigns have resulted in any 
RBL activity, but nearly every large-scale ESP (Email Service Provider) 
has limits set on the number of outbound messages per day (or per hour) 
that can be sent. I think we need the ability to enforce that too, but how?


Ideas?

Thanks in advance

Dan McAllister
IT4SOHO

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Request for ideas: limiting outbound traffic

2015-10-20 Thread Angus McIntyre 

> On Oct 20, 2015, at 10:29 AM, Dan McAllister  wrote:
> I have an issue I'd like to throw out there -- I have a small number of users 
> (on a server with about 20,000 users) that are abusing the service in that 
> they're purposefully sending out huge amounts of mail.
> 
> Fortunately, so far none of their email campaigns have resulted in any RBL 
> activity, but nearly every large-scale ESP (Email Service Provider) has 
> limits set on the number of outbound messages per day (or per hour) that can 
> be sent. I think we need the ability to enforce that too, but how?

Scanning the outbound logs would tell you when they’re exceeding their quota.

The brute-force solution then be to have a script that scanned the outbound 
logs, counted the number of mails sent, and then changed their password if it 
exceeded the limits. They’d then be shut out, and they’d have to ask you to 
restore their account. The script could also generate a warning mail to them.

That ought to be fairly straightforward to implement, but it’s not very clean.

I’ve come across references to Bruce Guenter’s qmail-qfilter:

http://untroubled.org/qmail-qfilter/ 


which sounds as if it might provide a basis for what you want to do. However, I 
have no experience with this, and no idea whether it’s something supported by 
an un-patched qmailtoaster install.

Angus

Re: [qmailtoaster] Request for ideas

2008-04-29 Thread Sam Clippinger 
Whitelisting the sender address should prevent spamdyke from blocking 
the incoming messages.  It's possible your machine is configured to 
check SORBS using some other mechanism however -- are you still using 
rblsmtpd?  Is spamdyke logging any errors or messages about this 
sender?  It might help if you posted your spamdyke configuration file 
and your /var/qmail/supervise/smtp/run file.


-- Sam Clippinger

Dan McAllister wrote:

Greetings fellow QMail admins:

I am having an issue that is not life-threatening (or even 
business-threatening), but annoying none-the-less.


I have a client who recently moved her Linux Server to her 
semi-retirement apartment in anther state. Her Linux Server reports 
in daily with status and various scan results. However, since her 
move (basically, since the switch to a dynamic IP address), my server 
has been blocking those reports because SORBS (correctly) sees her 
system as being on a dynamic IP block.


So, the question for the group is:
Can I turn off spam blocking for a specific address, or better yet, 
whitelist a from address?


I am using QMT, all latest updates (except latest ClamAV), and have 
added on SpamDyke. NOTE: I have already created the whitelist_sender 
file in my spamdyke control directory -- to no effect.


Thanks in advance for all ideas!

Dan

Daniel McAllister, President

IT4SOHO, LLC
224 - 13th Avenue N
St. Petersburg, FL 33701

877-IT4SOHO: Toll Free
727-647-7646 In Pinellas
813-464-2093 In Hillsborough
727-507-9435 Fax Only

When did you do your last backup?

Ask me about unattended offsite backup solutions...
to protect your business, not just your data!



-
QmailToaster hosted by: VR Hosted http://www.vr.org
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



-
QmailToaster hosted by: VR Hosted http://www.vr.org
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[qmailtoaster] Request for ideas

2008-04-28 Thread Dan McAllister 

Greetings fellow QMail admins:

I am having an issue that is not life-threatening (or even 
business-threatening), but annoying none-the-less.


I have a client who recently moved her Linux Server to her 
semi-retirement apartment in anther state. Her Linux Server reports in 
daily with status and various scan results. However, since her move 
(basically, since the switch to a dynamic IP address), my server has 
been blocking those reports because SORBS (correctly) sees her system as 
being on a dynamic IP block.


So, the question for the group is:
Can I turn off spam blocking for a specific address, or better yet, 
whitelist a from address?


I am using QMT, all latest updates (except latest ClamAV), and have 
added on SpamDyke. NOTE: I have already created the whitelist_sender 
file in my spamdyke control directory -- to no effect.


Thanks in advance for all ideas!

Dan

Daniel McAllister, President

IT4SOHO, LLC
224 - 13th Avenue N
St. Petersburg, FL 33701

877-IT4SOHO: Toll Free
727-647-7646 In Pinellas
813-464-2093 In Hillsborough
727-507-9435 Fax Only

When did you do your last backup?

Ask me about unattended offsite backup solutions...
to protect your business, not just your data!



-
QmailToaster hosted by: VR Hosted http://www.vr.org
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [qmailtoaster] Request for ideas

2008-04-28 Thread Jake Vickers 

Dan McAllister wrote:

Greetings fellow QMail admins:

I am having an issue that is not life-threatening (or even 
business-threatening), but annoying none-the-less.


I have a client who recently moved her Linux Server to her 
semi-retirement apartment in anther state. Her Linux Server reports 
in daily with status and various scan results. However, since her 
move (basically, since the switch to a dynamic IP address), my server 
has been blocking those reports because SORBS (correctly) sees her 
system as being on a dynamic IP block.


So, the question for the group is:
Can I turn off spam blocking for a specific address, or better yet, 
whitelist a from address?


I am using QMT, all latest updates (except latest ClamAV), and have 
added on SpamDyke. NOTE: I have already created the whitelist_sender 
file in my spamdyke control directory -- to no effect.


Thanks in advance for all ideas!


On my site (v2gnu.com) I have a script that I used to use for dynamic 
IPs that would check the machine's IP address periodically (hourly for 
me) and upload a file via FTP if the IP different from what it used to 
be. Maybe something like that could be adapted to fit your needs.
Eric also uses dyndns's smarthost feature to send emails from his 
dynamic IP address. Might be worth a look (I think it's like $35 per year).
You could get fancy and establish a VPN between the machines as well and 
trust the VPN subnet.


-
QmailToaster hosted by: VR Hosted http://www.vr.org
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]