1

I have a postfix/dovecot mail server with 100 different users. When they send an email they need to be authenticated. I successfully use saslauth to achieve this.

Few days ago I had a problem. One specific user, probably with a virus or a spam-bot installed in its computer, started to send out through my server thousands of emails in few hours. As result, my ip has been blocked by many isp provider (@aol, @yahoo, and others) and has been listed in many blacklist, making all my 100 users unable to send any email to anyone.

What is the best practice to avoid this problem? It would be great if my server could recognize a spamming user and automatically block it. Also, have a limit of, say, 30 emails per hour could be a partial solution.

Any idea how to face this problem? Thank you

Jack
  • 485
  • 1
  • 4
  • 12
  • Possible duplicate: http://serverfault.com/questions/290684/postfix-limiting-the-rate-at-which-a-particular-user-can-send-email – charlesbridge Oct 26 '12 at 11:16
  • I had a smiliar case although much lower rate of sent emails. I wonder why spamassassin didn't catch them ? – ychaouche Jul 21 '15 at 12:30

2 Answers2

2
  • Rate limiting is possible with postfix
  • Filtering outgoing e-mail for spam would solve you getting blacklisted. It will however, take some extra system resources.
Jeroen
  • 1,339
  • 7
  • 16
1

What is your current anti-virus setup? How often do the users have their machines scanned for malicious stuff? Some good discussion on this here

Install some monitoring software which will alert you once the send rate goes over 30 emails per hour? I'm pretty sure you can achieve exactly this with Nagios and it'll even give you some pretty graphs.

Implementing this along with outbound spam filtering will hopefully prevent this in the future. Most spam filters will instantly recognise the content that is being sent out as spam because they direct to well known spamming domains which are listed on URIBLs. You can use SpamAssassin with Postfix.

Blates
  • 150
  • 6