SMTP Limiting Recipients?

Started by cho, May 27, 2004, 11:07:49 AM


cho

Hi there,

I have a successful MailToaster 3.39 install for a web based e-mail program called atmail.  So far I've had great success with all the features of the toaster, however the server has 16,000 web users currently and I'm having problems with spammers.

Problems with Spam:
Because anybody can just register for the site and get a web-based e-mail address, Atmail has built-in support for limiting the number of e-mail recipients a user can send to from one message via the web.  This is successful in limiting spammers from the site; however, users also get an smtp/pop3 login when signing up.  So far I've been unsuccessful in limiting spam via smtp and it's really causing a headache.  As fast as I can remove spamming users, they sign up for a new account and start pushing through smtp again.

Is there an easy way to limit the number of recipients per message that is sent through SMTP, and the number of messages someone can send per hour via SMTP in the toaster?

I've heard of tarpitting but can't seem to find any configuration for it in the toaster and am not sure if it is the right tool for the job.  I saw this patch for qmail spamthrottle: http://spamthrottle.qmail.ca/man/qmail-spamthrottle.5.html. Should I try something similar?

Anybody aware of a more simple way to deal with this?


Thanks in Advance,
Cho

matt

Read the toaster-watcher.conf file. Watch for the tarpit options. They are in there.

Matt

cho

I'd like to find more documentation on the below variables:

qmail_tarpit_count             = 50
qmail_tarpit_delay             = 5

The above set has no real impact on abuse of SMTP on the toaster.
Does the toaster use classic tarpitting?  It says at http://spamthrottle.qmail.ca/man/qmail-spamthrottle.5.html that this is easily circumvented by creating multiple smtp connections, all of which lie below the thresholds above.

This seems to be what is happening.  Any suggestions?

donavan

It's a dirty hack but you could parse your sendlog for users' outbound connections.  It will print one line with something like:

@4000000040ca4f11267a076c info msg 84626: bytes 1988 from <notdonavan@notmontereybay.com> qp 50365 uid 89

where you can grab the msg number (84626)
the next line is a delivery with the same msg #.

@4000000040ca4f11315f07cc starting delivery 512628: msg 84626 to local montereybay.com-yrhoades@notmontereybay.com

So your total number of recipients could be counted as the number of times "msg #" appears, -1 for the sender line. Then keep something like an SQL table with the sender addy and total number of recipients per time period. Something like "#/usr/local/vpopmail/bin/vmoduser -s user@host.com" would lock them out of smtp though they could still use webmail etc.

Should be a pretty simple perl/shell script really, with a cron job every time period to update the lock out/recipient count.
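
The log correlation described in the post above, as an added example that is not part of the original thread: it pairs each "info msg" line with the "starting delivery" lines carrying the same msg number and totals recipients per sender. It goes slightly beyond the post by handling qmail's reuse of msg numbers and repeated delivery attempts; the function names, the limit and the sample log are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

INFO = re.compile(r"info msg (\d+): bytes \d+ from <([^>]*)>")
DELIVERY = re.compile(r"starting delivery \d+: msg (\d+) to (?:local|remote) (\S+)")
END = re.compile(r"end msg (\d+)")

# Constructed sample log; every address and number below is made up.
SAMPLE_LOG = """\
@400000004000000000000001 info msg 84626: bytes 1988 from <bulk@example.com> qp 50365 uid 89
@400000004000000000000002 starting delivery 1: msg 84626 to remote a@example.net
@400000004000000000000003 starting delivery 2: msg 84626 to remote b@example.net
@400000004000000000000004 starting delivery 3: msg 84626 to remote a@example.net
@400000004000000000000005 end msg 84626
@400000004000000000000006 info msg 84626: bytes 512 from <alice@example.com> qp 50400 uid 89
@400000004000000000000007 starting delivery 4: msg 84626 to local example.com-bob@example.com
@400000004000000000000008 end msg 84626
@400000004000000000000009 info msg 84630: bytes 300 from <> qp 50410 uid 89
@40000000400000000000000a starting delivery 5: msg 84630 to remote x@example.org
@40000000400000000000000b info msg 84631: bytes 1988 from <bulk@example.com> qp 50420 uid 89
@40000000400000000000000c starting delivery 6: msg 84631 to remote d@example.net
@40000000400000000000000d starting delivery 7: msg 84631 to remote e@example.net
"""

def recipients_per_sender(lines):
    """Return {sender: total distinct recipients} for qmail-send log lines."""
    totals = defaultdict(int)
    open_msgs = {}  # msg number -> (sender, set of recipients seen so far)

    def close(msg):
        sender, rcpts = open_msgs.pop(msg)
        if sender:  # an empty sender <> is a bounce, not a user
            totals[sender.lower()] += len(rcpts)

    for line in lines:
        if m := INFO.search(line):
            if m.group(1) in open_msgs:  # msg number reused without "end msg"
                close(m.group(1))
            open_msgs[m.group(1)] = (m.group(2), set())
        elif (m := DELIVERY.search(line)) and m.group(1) in open_msgs:
            # a set, so a retried (deferred) delivery is not counted twice
            open_msgs[m.group(1)][1].add(m.group(2).lower())
        elif (m := END.search(line)) and m.group(1) in open_msgs:
            close(m.group(1))
    for msg in list(open_msgs):  # messages still queued at end of log
        close(msg)
    return dict(totals)

def over_limit(totals, limit):
    """Senders whose recipient total exceeds the per-period limit."""
    return sorted(s for s, n in totals.items() if n > limit)
```

Run from cron over the log lines for one time period, the senders returned by `over_limit` are the candidates for the `vmoduser -s` lockout mentioned in the post.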