Web Hosting Talk







View Full Version : smtp servers - how to prevent spam?


papillon
01-23-2002, 10:20 AM
Hi, I've been reading around here quite a lot lately. Many different things have been said & tried & suggested ..

But what I had in mind was this, and mind you I am no expert in linux, so please correct me if I am wrong..

Since most spammers sign up for an account, and immediately try to send out 100's of thousands of spam mails .. and not say, a couple of hundred a day ..(would take too long), is it not possible to limit sendmail / qmail in linux to somehow by default limit EVERY user on the system to a specific number of emails per day?

Say I want that each user has their smtp access disabled after they have sent out 100 emails during a 24hour period ..

They're simply disallowed access for 12 hours to smtp, admin is notified to investigate automatically, etc.


I guess in short my question is:

" can you limit all users on a linux box to a certain number of emails sent through smtp per day? "

If anyone has done this, or know whether it's possible or not - your input will be appreciated..

Cheers,
papillon

kmh
01-23-2002, 10:31 AM
:eek:

papillon
01-23-2002, 10:56 AM
Ok, let's change that 100 to say, a 1000 emails per day. 99.9999995% of customers will never even come close to that. The one in 10 000 customers that may or may not need more, well I can worry about him when/if it ever happens ..

Leaving it unlimited, so that someone can send off 500 000 emails in 4-5 hours, cost me hundreds of dollars, put my company's reputation at risk in any way .. why?

Anyway, I didn't ask what you would do, I asked whether anyone knew a way to limit smtp to a certain number of sends per day per user .. Your input is appreciated but, not on-topic, thanks.

jks
01-23-2002, 12:48 PM
Originally posted by papillon
Ok, let's change that 100 to say, a 1000 emails per day. 99.9999995% of customers will never even come close to that.

What mailserver software do you use?

Do you use SMTP AUTH?

If not, how should it know which user sent the emails - by IP address logging? or?

papillon
01-23-2002, 02:58 PM
well that is the question :)

What would be ways of tracking this so it can be limited? I understand username/password could be one ..but I would have to assign one to every user, so they can use smtp ..

what about ip address tracking? any suggestions on that .. anyone done it that way or have any ideas how to?

papillon

priyadi
01-23-2002, 03:59 PM
Well, certainly it is possible, technically. But not without some hassles I'm afraid. There are currently no (?) mail servers that can do that out of the box without some customization.

mpope
01-23-2002, 04:18 PM
Crazy, I was just about to post a similar question!

If there are no programs that will block smtp access after a specified number of emails, what about a program that will monitor which users are sending, and send an email to the admin if there are more than X per day?

priyadi
01-23-2002, 05:45 PM
Originally posted by mpope
Crazy, I was just about to post a similar question!

If there are no programs that will block smtp access after a specified number of emails, what about a program that will monitor which users are sending, and send an email to the admin if there are more than X per day?

Same answer with the original question :) You have to do some tinkering to make it work the way you want. For my system, I'm going to do just that, writing a program to monitor email traffic usage, and block automatically when the usage is above a certain limit.

urk5
01-24-2002, 12:59 AM
You can do it with Sendmail. You just need to auth before SMTP and then limit the number of messages the user can send during their session. Then you can slow down the time between messages. While this does not eliminate SPAMMers it sure bugs the heck out of them.

vSector
01-25-2002, 04:45 AM
Well I have a solution. I know a lot about cgi/php/mysql but not much about linux. Still I have an idea.

I am going to build a script that gets executed by cron maybe every 15, 30 or 60 mins. The script will look at the last 24 hours of email logs and count emails per user, if a user has sent more than 500 then action is taken to stop the user sending more.

Does anyone want to add suggestions or maybe help out? I want to make a script that can be made public so we stop spammers.

JayC
01-25-2002, 05:20 AM
Originally posted by vSector
I am going to build a script that gets executed by cron maybe every 15, 30 or 60 mins. The script will look at the last 24 hours of email logs and count emails per user, if a user has sent more than 500 then action is taken to stop the user sending more.

Hmmm... so I can sign up for an account with you, and as long as I take less than 15 minutes or so to send a few thousand emails, I can get away with spamming once... and then move on to the next host that's using the same script?

I appreciate what you're trying to do, but it seems like you're closing the barn door after the horses have escaped... or however that tired analogy goes.
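
A sketch of the log-counting job vSector describes, with a short burst window added to narrow the gap JayC points out (added example, not code from any poster in this thread). The log format, user names, timestamps and thresholds are constructed assumptions; adapt the field parsing to what your MTA actually logs.

```shell
#!/bin/sh
# Each constructed log line: "<epoch-seconds> user=<name> nrcpts=<n>"
# (an assumed format for illustration, not real sendmail/qmail output).

# flag_senders NOW DAILY_LIMIT BURST_LIMIT BURST_WINDOW_SECONDS < logfile
# Prints "user reason count" for each user over either limit, sorted by user.
flag_senders() {
    awk -v now="$1" -v daily="$2" -v burst="$3" -v bwin="$4" '
    {
        ts = $1 + 0; user = ""; n = 0
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^user=/)   user = substr($i, 6)
            if ($i ~ /^nrcpts=/) n = substr($i, 8) + 0
        }
        if (user == "" || n < 1 || ts > now) next   # skip malformed lines
        age = now - ts
        if (age < 86400) day[user] += n             # rolling 24 h recipient total
        if (age < bwin)  recent[user] += n          # recipients in the burst window
    }
    END {
        for (u in day) {
            if (recent[u] > burst)   print u, "burst", recent[u]
            else if (day[u] > daily) print u, "daily", day[u]
        }
    }' | sort
}

# Constructed sample data; "now" is taken to be 1000000.
sample_log() {
    cat <<'EOF'
900000 user=alice nrcpts=400
950000 user=alice nrcpts=3
999000 user=bob nrcpts=2
990000 user=carol nrcpts=600
995000 user=carol nrcpts=500
999400 user=mallory nrcpts=300
999700 user=mallory nrcpts=450
garbage line without fields
EOF
}

# 1000 recipients per 24 h, or 500 within the last 15 minutes (900 s).
sample_log | flag_senders 1000000 1000 500 900
```

Counting recipients rather than messages catches a single message addressed to hundreds of people, and the burst window flags a new account well before it reaches the daily total.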

vSector
01-25-2002, 06:17 AM
Don't you even want to try and stop the spammers? I don't see you suggesting anything else...

I think if you catch the spammer at 1000 when he/she could have sent 100000 then the script has worked. Spam is a major issue and there are hundreds of people in the same boat, I don't think it's going to be fixed straight away, I am just trying to help.

priyadi
01-25-2002, 07:14 AM
I think he was trying to think like spammers do, which is a good idea. What about my idea from my other post? http://www.webhostingtalk.com/showthread.php?s=&postid=231367#post231367

T_E_O
01-25-2002, 09:34 AM
One thing to take care of if you write something like this, is that a user can upload a script to send e-mail directly to other mail servers. This would not get logged as it's not processed by your own mail server software.
I'd have a look at blocking outgoing traffic to port 25 for all users, except for the user the mailserver runs as. This is certainly something to look into if you're gonna try to be safe from spammers.

priyadi
01-25-2002, 02:28 PM
Originally posted by T_E_O
One thing to take care of if you write something like this, is that a user can upload a script to send e-mail directly to other mail servers. This would not get logged as it's not processed by your own mail server software.
I'd have a look at blocking outgoing traffic to port 25 for all users, except for the user the mailserver runs as. This is certainly something to look into if you're gonna try to be safe from spammers.

You can achieve that using kernel 2.4 and iptables. However, I haven't found a way to do that with kernel 2.2. :(

GordonH
01-25-2002, 02:56 PM
Hello
Most spam is not sent using SMTP at all, it's sent out using sendmail via scripts which link to huge text files of e-mail addresses.
Limiting that would be practically impossible without annoying genuine customers.

Best to be vigilant and learn to spot patterns.
If we get an odd order which just doesn't seem right I will put it on a server we have not added a new account to for a month or so.
If spamming starts on that box its likely to be the quarantined user and we can cut him off or monitor him better because he is in quarantine.
Some of the biggest problems are with resellers' customers though as resellers don't have the experience to spot these people.

Gordon

T_E_O
01-25-2002, 03:20 PM
Originally posted by GordonH

...
Most spam is not sent using SMTP at all, it's sent out using sendmail via scripts which link to huge text files of e-mail addresses.
...


Hi Gordon,

You're saying the same thing that I tried to explain in my last post. As I mentioned you might be able to block outgoing traffic to port 25 based on the username trying to connect. You could allow the user 'mail' or whatever username your mailserver is using to connect to the outside world using port 25.

:)
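
One way to express T_E_O's suggestion with the iptables owner match that priyadi mentions (added example, not code from any poster). The chain name `SMTP_OUT`, the log prefix and the loopback exception are assumptions; `mail` is the account name used in the post above.

```shell
#!/bin/sh
# Emits the rules as text (dry run) so they can be reviewed first;
# pipe the output to "sh" as root to apply them.

# smtp_egress_rules MTA_USER
smtp_egress_rules() {
    mta_user="$1"
    # Refuse odd account names so nothing unexpected ends up in the rule text.
    case "$mta_user" in
        ''|*[!A-Za-z0-9_-]*) echo "invalid user: $mta_user" >&2; return 1 ;;
    esac
    cat <<EOF
iptables -N SMTP_OUT
iptables -A OUTPUT -p tcp --dport 25 -j SMTP_OUT
iptables -A SMTP_OUT -o lo -j RETURN
iptables -A SMTP_OUT -m owner --uid-owner $mta_user -j RETURN
iptables -A SMTP_OUT -j LOG --log-prefix "smtp-direct: " --log-uid
iptables -A SMTP_OUT -j REJECT --reject-with tcp-reset
EOF
}

# Rule order matters:
#  1. loopback is exempt, so customer scripts can still hand mail to the
#     local MTA on 127.0.0.1:25, where it is logged and can be counted;
#  2. the MTA's own account may connect to remote port 25;
#  3. every other local account is logged and then refused. --log-uid
#     records which account tried to connect, if your LOG target supports it.
smtp_egress_rules mail
```

The LOG lines double as a detection signal: an account that repeatedly hits the `smtp-direct:` rule is running its own mailer and is worth a look.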

iVersit
01-28-2002, 04:56 AM
We do something similar to the quarantine, basically when someone signs up and doesn't put up a site, but rather just a cgi-bin, they get flagged and the sysadmin watches the server load and mailq very closely. Almost without fail we'll catch them at the first 100 or so emails, then promptly clear the mailq, suspend their account and inform them that they've lost :)