Rate Limiting users from different IPs


Rate Limiting users from different IPs

Durga Prasad Malyala
Hello all,
To overcome scam due to compromised accounts, currently we are using a
beautiful software https://github.com/MirLach/ratelimit-policyd

However, we have a few issues. Generally spammers don't put a lot of
people in cc or bcc. They send individual mails to a lot of users. This
software counts people in cc or bcc also. This blocks the HR or admin
people sending out announcements or notifications also.

So it needs to be fine tuned as below.

1. Allow a specific subnet of trusted networks to send without restrictions.
2. If a user is sending after sasl authentication from different IPs
within a specific time range - block that user. (reset his password
and send mail to administrator).
3. Have a toggle switch for mails counting in cc or bcc or put them
under a higher limit.
Any ideas and suggestions / links to similar software doing this
please contribute.

Thanks/DP

Re: Rate Limiting users from different IPs

Noel Jones-2
On 8/1/2018 12:43 PM, Durga Prasad Malyala wrote:

> Hello all,
> To overcome scam due to compromised accounts, currently we are using a
> beautiful software https://github.com/MirLach/ratelimit-policyd
>
> However, we have a few issues. Generally spammers don't put a lot of
> people in cc or bcc. They send individual mails to a lot of users. This
> software counts people in cc or bcc also. This blocks the HR or admin
> people sending out announcements or notifications also.
>
> So it needs to be fine tuned as below.
>
> 1. Allow a specific subnet of trusted networks to send without restrictions.

This can be easily done with a check_client_access whitelist before
your check_policy_service, or your policy service may have an
internal whitelist.


> 2. If a user is sending after sasl authentication from different IPs
> within a specific time range - block that user. (reset his password
> and send mail to administrator).

This would need modifications to your policy script.  I'm not aware
of any existing policy services that monitor client IP use.

This also seems likely to false-positive, e.g. when someone sends mail
from both their phone (on cell service) and their desktop/laptop (on
LAN/WiFi). I'm guessing that allowing legit multi-IP use while
blocking imposters would be non-trivial.


> 3. Have a toggle switch for mails counting in cc or bcc or put them
> under a higher limit.

The postfix policy service cannot examine message headers, so it is
not possible to determine if a particular recipient is in the to:
cc: or not listed (bcc).  A content filter such as spamassassin may
be able to help.

> Any ideas and suggestions / links to similar software doing this
> please contribute.
>
> Thanks/DP
>


  -- Noel Jones
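
The following is an added example, not part of either message and not code from ratelimit-policyd: a sketch of the policy-script change discussed for item 2, counting distinct client IPs per sasl_username in a time window and exempting a trusted subnet as in item 1. The subnet, window, threshold, the choice of DEFER_IF_PERMIT and the in-memory store are assumptions; the threshold is set above two so that phone plus desktop use does not trigger it.

```python
import ipaddress
import time
from collections import defaultdict, deque

# Assumed values for illustration; tune to the site.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # constructed example subnet
WINDOW_SECONDS = 3600
MAX_DISTINCT_IPS = 3  # more than this many addresses in the window is suspicious

# sasl_username -> deque of (timestamp, client_address); in-memory only,
# a deployed service would keep this in persistent storage.
seen_by_user = defaultdict(deque)


def parse_request(text):
    """Parse one Postfix policy delegation request (name=value lines)."""
    attrs = {}
    for line in text.splitlines():
        if not line:  # empty line terminates the request
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


def decide(attrs, now=None):
    """Return the policy action for one parsed request."""
    now = time.time() if now is None else now
    user = attrs.get("sasl_username", "")
    try:
        addr = ipaddress.ip_address(attrs.get("client_address", ""))
    except ValueError:
        return "DUNNO"  # no usable address: leave it to later restrictions
    if not user or any(addr in net for net in TRUSTED_NETS):
        return "DUNNO"  # unauthenticated, or trusted subnet: not tracked
    events = seen_by_user[user]
    events.append((now, str(addr)))
    while events and events[0][0] < now - WINDOW_SECONDS:
        events.popleft()  # drop sightings older than the window
    if len({ip for _, ip in events}) > MAX_DISTINCT_IPS:
        return "DEFER_IF_PERMIT Too many client addresses for this account"
    return "DUNNO"


def respond(request_text, now=None):
    """Full reply as Postfix expects it: action line plus an empty line."""
    return "action=%s\n\n" % decide(parse_request(request_text), now)
```

Alerting the administrator or forcing a password reset would hang off the branch that returns DEFER_IF_PERMIT.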