SMTP message rate control on Ubuntu 8.04, preferably with postfix

Solution 1:

In the end I used policyd, which does just this sort of thing. I configured it to limit a single IP address to no more than 10000 messages an hour and 1 GB. Below is a copy of the doc I wrote up for myself in case anyone finds it helpful.


Configuring postfix and policyd

After the packages have been installed, make the following changes to their configurations. In /etc/postfix/main.cf add the following line:

smtpd_client_restrictions = check_policy_service inet:127.0.0.1:10031

In /etc/postfix-policyd.conf:

  • change WHITELISTING=1 to WHITELISTING=0
  • change GREYLISTING=1 to GREYLISTING=0
  • change SENDERTHROTTLE=0 to SENDERTHROTTLE=1
  • change QUOTA_EXCEEDED_TEMP_REJECT=1 to QUOTA_EXCEEDED_TEMP_REJECT=0
  • change SENDER_QUOTA_REJECTION="Quota Exceeded." to SENDER_QUOTA_REJECTION="Quota Exceeded, 10,000 messages/hour max!"
  • change SENDER_SIZE_REJECTION="Message size too big." to SENDER_SIZE_REJECTION="Message size too big. 10Mb per message or 1 Gb/hour max!"
  • change SENDERMSGLIMIT=512 to SENDERMSGLIMIT=10000
  • change SENDERRCPTLIMIT=3600 to SENDERRCPTLIMIT=10000
  • change SENDERQUOTALIMIT=250000000 to SENDERQUOTALIMIT=1000000000
  • change SENDERMSGSIZE=10240000 to SENDERMSGSIZE=50000000
  • change SENDER_INACTIVE_EXPIRE=31d to SENDER_INACTIVE_EXPIRE=1h
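The check_policy_service line above makes Postfix send each SMTP transaction to the policy daemon as name=value lines and act on the action= reply. The sketch below is an added example, not part of the original answer and not policyd's code: it shows that exchange with a per-client-IP hourly throttle. The ClientThrottle class, its fixed-window logic and the sample request are assumptions made for illustration.

```python
import time

MSG_LIMIT = 10000            # messages per window (SENDERMSGLIMIT in the answer)
QUOTA_LIMIT = 1_000_000_000  # bytes per window (SENDERQUOTALIMIT in the answer)
WINDOW = 3600                # one hour, in seconds


def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


class ClientThrottle:
    """Hypothetical fixed-window counter keyed by client_address."""

    def __init__(self, msg_limit=MSG_LIMIT, quota_limit=QUOTA_LIMIT, window=WINDOW):
        self.msg_limit, self.quota_limit, self.window = msg_limit, quota_limit, window
        self.state = {}  # ip -> [window_start, messages, bytes]

    def decide(self, attrs, now=None):
        now = time.time() if now is None else now
        ip = attrs.get("client_address", "unknown")
        size = int(attrs.get("size") or 0)  # 0 when the client declared no SIZE
        slot = self.state.get(ip)
        if slot is None or now - slot[0] >= self.window:
            slot = self.state[ip] = [now, 0, 0]  # first sighting or expired window
        # REJECT is a permanent refusal, matching QUOTA_EXCEEDED_TEMP_REJECT=0.
        if slot[1] + 1 > self.msg_limit:
            return "action=REJECT Quota Exceeded.\n\n"
        if slot[2] + size > self.quota_limit:
            return "action=REJECT Message size too big.\n\n"
        slot[1] += 1
        slot[2] += size
        return "action=DUNNO\n\n"  # no opinion: later restrictions decide


# Constructed sample request, in the shape Postfix sends to a policy service.
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "client_address=192.0.2.10\nsender=app@example.com\nsize=400\n\n")

if __name__ == "__main__":
    throttle = ClientThrottle(msg_limit=2, quota_limit=1000)
    for _ in range(3):
        print(throttle.decide(parse_request(SAMPLE)), end="")
```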

Solution 2:

Possibly interesting for your implementation:

default_destination_concurrency_limit (default: 20)

    The default maximal number of parallel deliveries to the same destination. This is the default limit for delivery via the lmtp(8), pipe(8), smtp(8) and virtual(8) delivery agents. With per-destination recipient limit > 1, a destination is a domain, otherwise it is a recipient.

    Use transport_destination_concurrency_limit to specify a transport-specific override, where transport is the master.cf name of the message delivery transport.

Solution 3:

Anvil was really meant to limit incoming message rates, not limit outgoing. Think of it as a crude DoS filter.

You might want to look at the settings that pertain to the qmgr portion of postfix. Specifically, you might want to set your concurrency limits to something very low, and your wait-around-in-the-queue times very high. You'll want to set the rate of delivery to something that has a large(r) delay, and also want to lower the number of delivery processes in master.cf.

Have you looked at using qshape to determine what will be an acceptable rate for your internal MTA?