RE: [qmailtoaster] Request for ideas: limiting outbound traffic

2015-10-25 Thread Rajesh M
dan

please see attached script which i modified based on some script i found online
http://serverfault.com/questions/538233/qmail-limit-number-of-emails-sent-by-user-or-domain-per-hour

it scans /var/log/maillog lines for the words smtp and submission, login 
success -- ie authenticated logins

it calculates the number of logins which exceed specified limit per day

details are entered in a blacklist file and also email is sent to administrator

it can also change the user's password automatically if the limit is violated

you can also add exclusions

you can cron this every 2-3 minutes

also maillog by default rotates every week which can be reduced to 1 day so 
that the script can run faster.

it works for me but please check out for yourself before you use it.

once you test out kindly share your reviews so that others can benefit

NOTE

i am NOT A PROGRAMMER.
basically i did some googling and got this working

all credits to some guy who first posted it here
http://serverfault.com/questions/538233/qmail-limit-number-of-emails-sent-by-user-or-domain-per-hour


rajesh

- Original Message -
From: Dan McAllister [mailto:q...@it4soho.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Tue, 20 Oct 2015 10:29:23 -0400
Subject: [qmailtoaster] Request for ideas: limiting outbound traffic

Greetings QMT faithful.

I have an issue I'd like to throw out there -- I have a small number of
users (on a server with about 20,000 users) that are abusing the service
in that they're purposefully sending out huge amounts of mail.

Fortunately, so far none of their email campaigns have resulted in any
RBL activity, but nearly every large-scale ESP (Email Service Provider)
has limits set on the number of outbound messages per day (or per hour)
that can be sent. I think we need the ability to enforce that too, but how?

Ideas?

Thanks in advance

Dan McAllister
IT4SOHO

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com


#!/bin/bash
#
# This script limits the number of smtp or submission logins per user per day,
# basically limiting the number of emails per day.
# If limit is exceeded then user's password can be changed automatically
# email can be sent to administrator
# blacklisted domains are listed in a blacklist file
# specific trusted email ids can be excluded
#
# bash is required: the script uses "function", "==" and "echo -e".

MAILLOG="/var/log/maillog"
MAX_LOGINS_ALLOWED=200
ID_SERVER="ID_SERVER"
CONTACT=host...@indiannic.com
# Each blacklist line includes the clear password read from vuserinfo, and this
# path is under /var/www/html: keep it unreadable to web clients.
BLACK_LIST=/var/www/html/webdata/blacklist
VUSERINFO="/home/vpopmail/bin/vuserinfo"
VPASSWD="/home/vpopmail/bin/vpasswd"
# grep alternation (\|) of addresses that are never counted
EXCLUDE="us...@abc.com\|us...@pqr.com\|us...@xyz.com"
AUX=$(mktemp)
# remove the temporary file when the script exits
trap 'rm -f "$AUX"' EXIT

echo "$(date) qmail-antispam : Checking logs"

echo "$EXCLUDE"

# Prints "count|user" for every user with successful smtp/submission logins today
function LstUsers
{
    # syslog pads single-digit days with a space ("Oct  5"), so match with %e, not %d
    grep "$(date +"%b %e")" "$MAILLOG" | grep -v "$EXCLUDE" | grep 'submission:\|smtp:' \
        | grep success | awk -Fsuccess '{print $2}' | awk -F: '{print $1}' | sort | uniq -c \
        | sort -n | awk '{print $1"|"$2}'
}

LstUsers >"$AUX"

#cat $AUX

for i in $(cat "$AUX"); do

    logins_qty=$(echo "$i" | awk -F\| '{print $1}')
    user=$(echo "$i" | awk -F\| '{print $2}')

    if [ "$logins_qty" -gt "$MAX_LOGINS_ALLOWED" ]; then

        #echo "$(date) Authentication Limits Exceeded: $user"
        #echo "$(date) Check if $user is suspended"

        # act only once per day: skip users already in today's blacklist entries
        if [ "$(grep "$(date +"%b %d %Y")" "$BLACK_LIST" 2>/dev/null | grep -F -- "$user")" == "" ]; then
            #echo "$(date) qmail-antispam : Suspending the user: $user Logins qty: $logins_qty Maximum_Permitted: $MAX_LOGINS_ALLOWED" >> $MAILLOG
            password_captured=$($VUSERINFO "$user" | grep "clear passwd" | awk -F: '{print $2}')

            ### THIS LINE ENTERS DETAILS OF USERS EXCEEDING LIMITS IN BLACKLIST FILE

            echo "$(date +"%b %d %Y")" "$user" "$password_captured" "$logins_qty" >>"$BLACK_LIST"

            ### THIS SENDS EMAIL

            echo -e "Dated: $(date) \nUser: $user \nPassword: $password_captured \nLogins qty: $logins_qty" | mail -s "Notice of spam $ID_SERVER" "$CONTACT"

            ### CHANGES PASSWORD IF UNCOMMENTED
            #$VPASSWD $user -r

        fi

    fi

done

echo "$(date) qmail-antispam : Finished Checking"
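
Added example (not part of the posted script or of any message in this thread): the same log-counting idea bucketed per clock hour, which the original question also asks about, with exclusions compared as whole addresses instead of as a grep pattern. The log lines are constructed samples in the `login success user:ip` shape the script's greps imply; `sample_log` and `over_limit` are hypothetical names.

```shell
#!/bin/sh
# Constructed sample lines (not from a real server), in the
# "login success user:ip" shape the posted script's greps imply.
sample_log() {
cat <<'EOF'
Oct 25 10:01:02 mail vpopmail[2101]: vchkpw-submission: (PLAIN) login success alice@example.com:192.0.2.10
Oct 25 10:05:40 mail vpopmail[2102]: vchkpw-submission: (PLAIN) login success alice@example.com:192.0.2.10
Oct 25 10:09:13 mail vpopmail[2103]: vchkpw-smtp: (LOGIN) login success alice@example.com:192.0.2.10
Oct 25 10:11:00 mail vpopmail[2104]: vchkpw-smtp: (LOGIN) login success bob@example.com:198.51.100.7
Oct 25 10:12:30 mail vpopmail[2105]: vchkpw-pop3: (PLAIN) login success alice@example.com:192.0.2.10
Oct 25 10:20:00 mail vpopmail[2106]: vchkpw-smtp: (LOGIN) password fail carol@example.com:203.0.113.5
Oct 25 11:02:00 mail vpopmail[2107]: vchkpw-smtp: (LOGIN) login success alice@example.com:192.0.2.10
Oct 25 11:03:00 mail vpopmail[2108]: vchkpw-smtp: (LOGIN) login success xbob@example.com:198.51.100.9
Oct 25 11:03:30 mail vpopmail[2109]: vchkpw-smtp: (LOGIN) login success xbob@example.com:198.51.100.9
EOF
}

# over_limit LIMIT "EXCLUDES" < log
# Prints "Mon DD HH|user|count" for each user with more than LIMIT successful
# smtp/submission logins within one clock hour. EXCLUDES is a space-separated
# list compared as whole addresses, so excluding bob@ does not hide xbob@.
over_limit() {
    awk -v limit="$1" -v excludes="$2" '
    BEGIN {
        n = split(excludes, e, " ")
        for (i = 1; i <= n; i++) skip[e[i]] = 1
    }
    /(submission|smtp):/ && /login success/ {
        # Locate the "success" field; the next field is user:ip.
        for (i = 1; i <= NF; i++) if ($i == "success") break
        if (i >= NF) next
        split($(i + 1), a, ":")
        user = a[1]
        if (user in skip) next
        # Bucket key: month, day and the hour part of HH:MM:SS.
        hour = $1 " " $2 " " substr($3, 1, 2)
        count[hour "|" user]++
    }
    END {
        for (k in count) if (count[k] > limit) print k "|" count[k]
    }' | sort
}

# Limit of 1 login per hour, bob@example.com excluded.
sample_log | over_limit 1 "bob@example.com"
```

On a live server the function would read the mail log on stdin in place of `sample_log`, with the limit set to the hourly quota.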

Re: [qmailtoaster] Request for ideas: limiting outbound traffic

2015-10-21 Thread Bharath Chari

On 10/20/2015 06:07 PM, Angus McIntyre wrote:
> On Oct 20, 2015, at 10:29 AM, Dan McAllister wrote:
> > I have an issue I'd like to throw out there -- I have a small number
> > of users (on a server with about 20,000 users) that are abusing the
> > service in that they're purposefully sending out huge amounts of mail.
> >
> > Fortunately, so far none of their email campaigns have resulted in
> > any RBL activity, but nearly every large-scale ESP (Email Service
> > Provider) has limits set on the number of outbound messages per day
> > (or per hour) that can be sent. I think we need the ability to
> > enforce that too, but how?
>
> Scanning the outbound logs would tell you when they’re exceeding their
> quota.
>
> The brute-force solution would then be to have a script that scanned the
> outbound logs, counted the number of mails sent, and then changed
> their password if it exceeded the limits. They’d then be shut out, and
> they’d have to ask you to restore their account. The script could also
> generate a warning mail to them.
>
> That ought to be fairly straightforward to implement, but it’s not
> very clean.
>
> I’ve come across references to Bruce Guenter’s qmail-qfilter:
>
> http://untroubled.org/qmail-qfilter/
>
> which sounds as if it might provide a basis for what you want to do.
> However, I have no experience with this, and no idea whether it’s
> something supported by an un-patched qmailtoaster install.
>
> Angus


Found this link that suggests a similar method:

http://serverfault.com/questions/538233/qmail-limit-number-of-emails-sent-by-user-or-domain-per-hour

Bharath


[qmailtoaster] Request for ideas: limiting outbound traffic

2015-10-20 Thread Dan McAllister

Greetings QMT faithful.

I have an issue I'd like to throw out there -- I have a small number of 
users (on a server with about 20,000 users) that are abusing the service 
in that they're purposefully sending out huge amounts of mail.


Fortunately, so far none of their email campaigns have resulted in any 
RBL activity, but nearly every large-scale ESP (Email Service Provider) 
has limits set on the number of outbound messages per day (or per hour) 
that can be sent. I think we need the ability to enforce that too, but how?


Ideas?

Thanks in advance

Dan McAllister
IT4SOHO




Re: [qmailtoaster] Request for ideas: limiting outbound traffic

2015-10-20 Thread Angus McIntyre

> On Oct 20, 2015, at 10:29 AM, Dan McAllister wrote:
> I have an issue I'd like to throw out there -- I have a small number of users 
> (on a server with about 20,000 users) that are abusing the service in that 
> they're purposefully sending out huge amounts of mail.
> 
> Fortunately, so far none of their email campaigns have resulted in any RBL 
> activity, but nearly every large-scale ESP (Email Service Provider) has 
> limits set on the number of outbound messages per day (or per hour) that can 
> be sent. I think we need the ability to enforce that too, but how?

Scanning the outbound logs would tell you when they’re exceeding their quota.

The brute-force solution would then be to have a script that scanned the outbound 
logs, counted the number of mails sent, and then changed their password if it 
exceeded the limits. They’d then be shut out, and they’d have to ask you to 
restore their account. The script could also generate a warning mail to them.

That ought to be fairly straightforward to implement, but it’s not very clean.

I’ve come across references to Bruce Guenter’s qmail-qfilter:

http://untroubled.org/qmail-qfilter/ 


which sounds as if it might provide a basis for what you want to do. However, I 
have no experience with this, and no idea whether it’s something supported by 
an un-patched qmailtoaster install.

Angus