
I am investigating a way to control how many emails an authenticated user can send per day. For example, I would like to put a global limit per user of a maximum of 1000 emails sent per day, or a per-user rule.

This is because the other day a user of our company had her account guessed, and these guys used her account to send 90k+ emails in 1 day before we noticed (it was Sunday). We quickly changed her credentials (she had a very weak password, so now I am learning how to force strong passwords on all accounts, and am almost there).

But anyway, any user can have his user/pass stolen, and the hackers can use SMTP authentication to send lots of unwanted emails through our MTA.

  • I want to keep SMTP open for authentication, so users can use any email application/client, and our server to send their emails
  • Domino is configured not as an open relay, but authenticated users can send email freely

I would like a way to tell Domino that if any authenticated user sends more than X emails in the last Y hours, the server should stop taking that user's requests to send emails, send the administrators an email notifying them of this situation, and provide a way to "unlock" that user.

Any ideas? Is this achievable with the OOTB Domino functionality? Are there plugins that I can use for this purpose? Would you recommend an open-source software to achieve this, which could be run along Domino? Thanks!

  • Just wanted to express my heart-felt condolences that you need to work with Domino. That thing is a steaming pile of poo. :) – EEAA Nov 10 '15 at 02:45
  • Hehe, could be. Anyhow, it has some features I like; for example, implementing clustering is not hard at all. Anyway, it is like a love-hate relationship: sometimes I just hate it, at other times I like it. – goberreuter Nov 11 '15 at 19:36

1 Answer


I do not know a way to implement that on native Lotus Domino (and by the way, you can do much more in the config than you can on Exchange).

However, what I would do if I were you is the following:

  1. Block SMTP for the normal users (the Notes client doesn't require SMTP)
  2. Create a task user who can use SMTP
  3. Configure Domino so that it accepts only emails from the task user and only for the hostnames the task user uses
  4. Make sure you use the Notes ID AND the password, so another user needs both to authenticate with the server rather than only a password [Tip: use the ID Vault].
  5. Use a password policy
  6. Get in contact with your local HR department and set up some company guidelines which everybody needs to sign. They shouldn't share their passwords or "hack" anybody else's password without getting into legal issues.

IF you still wish to implement your idea, you could build it on your own. You could configure the Domino server so that it doesn't route emails automatically. Then they will stay in the server's mail.box. Then you need to build your own agent, which transfers the emails to another server and counts the amount in a Domino database. Another agent (e.g. LotusScript) will reset the statistics at night. In addition to that, you might implement a config document where you can add some users (VIPs) who do not have such a limitation. HOWEVER, this requires some coding and isn't that easy, but it could be implemented. But it's not out of the box...

BastianW
  • Just add the information that there are tools you can buy (iqSuite Wall, BCC MailProtect) to your answer, then it is perfect. – Tode Nov 11 '15 at 07:30
  • Thank you Bastian, I really need to allow SMTP authenticated users to send email. So for me it is a question of HOW to control SMTP outbound mail using rate = emails/timeunit, not whether I should. As suggested by Torsten (thanks too), I will have a look at commercial tools, but as far as I have checked, the solution that best convinces me is the implementation of a Domino server plugin which allows this. Can anybody recommend a company/person who offers the service of Domino coding? Thanks again! – goberreuter Nov 11 '15 at 19:10
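As an added illustration of the counting and locking logic the answer sketches (example code written for this page, not code from the answer, from Domino or from any of the tools named): a per-sender sliding window of X sends in Y hours, with the VIP exemption list, an administrator-notification hook and an unlock action, kept in memory rather than in a Domino database. The limits, addresses and timestamps are constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

class SmtpSenderRateLimiter:
    """Per-sender sliding window: at most max_msgs sends in window_hours.
    In-memory stand-in for the counting database the answer describes."""

    def __init__(self, max_msgs, window_hours, exempt_users=(), notify=None):
        self.max_msgs = max_msgs
        self.window = timedelta(hours=window_hours)
        self.exempt = {u.lower() for u in exempt_users}  # the answer's VIP list
        self.notify = notify or (lambda user, count: None)  # admin alert hook
        self.sent = defaultdict(deque)  # user -> timestamps of accepted sends
        self.locked = set()             # users whose sends are now refused

    def allow(self, user, now):
        """True if this send is accepted; otherwise lock the user and alert."""
        user = user.lower()
        if user in self.exempt:
            return True
        if user in self.locked:
            return False
        q = self.sent[user]
        while q and now - q[0] > self.window:  # drop sends outside the window
            q.popleft()
        if len(q) >= self.max_msgs:
            self.locked.add(user)
            self.notify(user, len(q))
            return False
        q.append(now)
        return True

    def unlock(self, user):
        """Administrator action: clear the lock and restart the user's count."""
        user = user.lower()
        self.locked.discard(user)
        self.sent.pop(user, None)

def simulate_burst(limit=3, window_hours=24):
    """Constructed scenario: alice bursts 5 sends in 5 seconds, bob sends 1,
    and an exempt VIP sends 1. Returns (accept flags, alerts, the limiter)."""
    alerts = []
    rl = SmtpSenderRateLimiter(limit, window_hours, ["ceo@example.com"],
                               notify=lambda u, n: alerts.append((u, n)))
    t0 = datetime(2015, 11, 8, 9, 0)
    flags = [rl.allow("alice@example.com", t0 + timedelta(seconds=i)) for i in range(5)]
    flags.append(rl.allow("bob@example.com", t0))
    flags.append(rl.allow("ceo@example.com", t0))
    return flags, alerts, rl
```

In a real deployment the `notify` hook is where the administrator email would be sent, and `unlock` is the manual action the question asks for.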