
Re: Best practice when setting up a mail relay

Glenn English-2
> Jonathan Sélea:
>> Good evening,
>>
>> I am in the process of setting up a smtp-relay for a hosting provider.
>>
>> Basically, the relay should relay emails from hundreds of servers out to
>> the net. I do want some "protection" against if a website is hacked and
>> starts to spew out thousands of emails.
>> For example:
>> www.siteA.xyz on ServerY is hacked and someone is using mail() in order
>> to send hundreds of thousands email via localhost - that is relayed to
>> the smtp relay (that only accepts mail from internal servers). And
>> instead of relaying them out to the web it does stop those kind of email.
>>
>> Is that possible? Can postfix just dump the emails "down the drain"
>> instead of sending them? And can that be triggered if ServerY sends 100
>> emails in 10 seconds for example.

Since you seem to be on Linux, you might be able to do this with
iptables and not bother Postfix, which pays attention to the RFCs.

If iptables can catch the spam, you could have iptables redirect to a
little daemon you write that puts the mail in /dev/null, then returns
and logs exactly what Postfix says when it sends successfully. If this
is a serious spammer, that'd pull the rug right out from under him/her.

--
Glenn English

Re: Best practice when setting up a mail relay

Jonathan Sélea
In reply to this post by Matthew McGehrin
Thanks both of you, and Glenn English that answered my first email.

I will consider postfwd, it looks like it suits my needs at the moment :)
I currently use mailscanner - it works OK but that functionality I just
asked for is missing in that package.

I have never thought about having a fallback server that handles bounces
- that is a good idea! Thank you.
We do have many websites/servers and we are handling at least 14k
mail/hour (including system mail)

/ Jonathan


On 2018-01-06 21:16, Matthew McGehrin wrote:

> Hello,
>
> Depending on the volume of mail, you might want to consider having a
> pool of outbound servers with a DNS round-robin, along with a
> dedicated fallback server that only handles bounces. So that your
> primary queues are only handling active deliveries, and your fallback
> just handles the bounces/delayed messages.
>
> Matthew
>
>
> Wietse Venema wrote:
>> Jonathan Sélea:
>>  
>>> Good evening,
>>>
>>> I am in the process of setting up a smtp-relay for a hosting provider.
>>>
>>> Basically, the relay should relay emails from hundreds of servers
>>> out to
>>> the net. I do want some "protection" against if a website is hacked and
>>> starts to spew out thousands of emails.
>>> For example:
>>> www.siteA.xyz on ServerY is hacked and someone is using mail() in order
>>> to send hundreds of thousands email via localhost - that is relayed to
>>> the smtp relay (that only accepts mail from internal servers). And
>>> instead of relaying them out to the web it does stop those kind of
>>> email.
>>>
>>> Is that possible? Can postfix just dump the emails "down the drain"
>>> instead of sending them? And can that be triggered if ServerY sends 100
>>> emails in 10 seconds for example.
>>>    
>>
>> You can use postfwd (www.postfwd.org) to enforce rate limits on many
>> SMTP properties (client, sender, recipient, ...).
>>
>>  
>>> I hope my problem is easy to understand :)
>>>    
>>
>> Quite clear. Thanks for being a good network citizen.
>>
>>     Wietse
>>
>>  



Re: Best practice when setting up a mail relay

allenc
In reply to this post by Jonathan Sélea


On 06/01/18 18:27, Jonathan Sélea wrote:

> For example:
> www.siteA.xyz on ServerY is hacked and someone is using mail() in order
> to send hundreds of thousands email via localhost - that is relayed to
> the smtp relay (that only accepts mail from internal servers). And
> instead of relaying them out to the web it does stop those kind of email.
>
> Is that possible? Can postfix just dump the emails "down the drain"
> instead of sending them? And can that be triggered if ServerY sends 100
> emails in 10 seconds for example.


In main.cf:-

smtpd_client_connection_count_limit  (default is 50 connections)
        Limits the number of simultaneous connections
        a remote host can make.

smtpd_client_connection_rate_limit (disabled by default)
        Limits the number of connection attempts
        a remote host can make per time unit.

anvil_rate_time_unit (default is 60 seconds)
        Sets the value of the time unit.

A simple script can pick up the connect refusal from the postfix log,
and add the host address to an iptables block-list.

Allen C
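
A sketch of the log-watching script described in the post above, as an added example that is not part of the original message. The function names, the `min_hits` threshold and the `never_block` parameter are hypothetical, and the sample log lines are constructed; the warning text matched is what smtpd logs when a connection rate or concurrency limit is exceeded. Only the bracketed client address is used, and it is validated before it goes anywhere near a firewall command, because the name in front of it comes from reverse DNS.

```python
import ipaddress
import re
from collections import Counter

# smtpd warning logged when a client exceeds a connection limit. The name
# before the brackets comes from reverse DNS; only the address is captured.
LIMIT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: warning: Connection (?:rate|concurrency) limit "
    r"exceeded: \d+ from \S*\[([0-9A-Fa-f:.]+)\] for service \S+"
)

# Constructed sample log lines (documentation addresses, not real hosts).
SAMPLE_LOG = """\
Jan  6 21:40:01 relay postfix/smtpd[2101]: connect from servery.example[192.0.2.15]
Jan  6 21:40:02 relay postfix/smtpd[2101]: warning: Connection rate limit exceeded: 101 from servery.example[192.0.2.15] for service smtp
Jan  6 21:40:02 relay postfix/smtpd[2102]: warning: Connection rate limit exceeded: 102 from servery.example[192.0.2.15] for service smtp
Jan  6 21:40:03 relay postfix/smtpd[2103]: warning: Connection concurrency limit exceeded: 51 from servery.example[192.0.2.15] for service smtp
Jan  6 21:41:10 relay postfix/smtpd[2110]: warning: Connection rate limit exceeded: 101 from unknown[198.51.100.7] for service smtp
"""

def refused_clients(log_text, min_hits=2, never_block=()):
    """Return {address: hits} for clients refused at least min_hits times."""
    skip = [ipaddress.ip_network(n) for n in never_block]
    hits = Counter()
    for line in log_text.splitlines():
        m = LIMIT_RE.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # bracketed field is not a valid IP address: ignore it
        if any(addr in net for net in skip):
            continue  # e.g. monitoring hosts that must never be blocked
        hits[str(addr)] += 1
    return {a: n for a, n in hits.items() if n >= min_hits}

def block_commands(clients, port=25):
    """Build (not run) one firewall command per refused client address."""
    cmds = []
    for a in sorted(clients):
        tool = "ip6tables" if ":" in a else "iptables"
        cmds.append(f"{tool} -I INPUT -s {a} -p tcp --dport {port} -j REJECT")
    return cmds

if __name__ == "__main__":
    print("\n".join(block_commands(refused_clients(SAMPLE_LOG))))
```

The commands are printed for review rather than executed, so an operator can check the list before any internal server is cut off from the relay.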

