Clayton's Tech Bits

Home

Contact

Resumé / C.V.

Links

Search this site:
Custom Search

Categories:

/ (224)
  Admin/ (86)
    Apache/ (7)
      HTTPS-SSL/ (4)
    Cherokee/ (1)
    LAN/ (4)
    LVM/ (3)
    Monitoring/ (2)
      munin/ (2)
    OpenVPN/ (1)
    SSH-Proxy/ (3)
    SSH-SSL/ (6)
    backups/ (16)
      SpiderOak/ (1)
      backuppc/ (5)
      dirvish/ (1)
      misc/ (6)
      rdiff-backup/ (1)
      rsync/ (1)
      unison/ (1)
    commandLine/ (11)
    crontab/ (1)
    databases/ (8)
      MSSQL/ (2)
      MySQL/ (5)
      PostgreSQL/ (1)
    dynamicDNS/ (2)
    email/ (9)
      Dovecot/ (1)
      deliverability/ (1)
      misc/ (1)
      postfix/ (6)
    iptables/ (2)
    virtualization/ (8)
      VMware/ (1)
      virtualBox/ (7)
  Coding/ (11)
    bash/ (1)
    gdb/ (1)
    git/ (2)
    php/ (4)
    python/ (3)
      Django/ (1)
  Education/ (1)
  Hosting/ (23)
    Amazon/ (14)
      EBS/ (3)
      EC2/ (11)
    Godaddy/ (2)
    NearlyFreeSpeech/ (3)
    Rackspace/ (1)
    vpslink/ (3)
  Linux/ (20)
    Awesome/ (3)
    CPUfreq/ (1)
    Chinese/ (1)
    Debian/ (5)
      WPA/ (1)
    audio/ (1)
    encryption/ (2)
    fonts/ (1)
    misc/ (4)
    router-bridge/ (2)
  SW/ (39)
    browser/ (2)
      Chrome/ (1)
      Firefox/ (1)
    business/ (25)
      Drupal/ (8)
      KnowledgeTree/ (6)
      Redmine/ (2)
      SugarCRM/ (6)
      WebERP/ (2)
      eGroupware/ (1)
    email/ (1)
    fileSharing/ (1)
      mldonkey/ (1)
    graphics/ (2)
    research/ (2)
    website/ (6)
      blog/ (6)
        blosxom/ (3)
        rss2email/ (1)
        webgen/ (1)
  Security/ (12)
    IMchat/ (1)
    circumvention/ (2)
    e-mail/ (4)
    greatFirewall/ (1)
    hacking/ (1)
    password/ (1)
    privacy/ (1)
    skype/ (1)
  Services/ (1)
    fileSharing/ (1)
  TechWriting/ (1)
  xHW/ (13)
    Lenovo/ (1)
    Motorola_A1200/ (2)
    Thinkpad_600e/ (1)
    Thinkpad_a21m/ (3)
    Thinkpad_i1300/ (1)
    Thinkpad_x24/ (1)
    USB_audio/ (1)
    scanner/ (1)
    wirelessCards/ (2)
  xLife/ (17)
    China/ (9)
      Beijing/ (5)
        OpenSource/ (3)
    Expatriation/ (1)
    Vietnam/ (7)

Archives:

  • 2012/03
  • 2012/01
  • 2011/12
  • 2011/11
  • 2011/10
  • 2011/09
  • 2011/08
  • 2011/07
  • 2011/06
  • 2011/05
  • 2011/04
  • 2011/02
  • 2010/12
  • 2010/11
  • 2010/10
  • 2010/09
  • 2010/08
  • 2010/07
  • 2010/06
  • 2010/05
  • 2010/04
  • 2010/03
  • 2010/02
  • 2010/01
  • 2009/12
  • 2009/11
  • 2009/10
  • 2009/09
  • 2009/08
  • 2009/07
  • 2009/06
  • 2009/05
  • 2009/04
  • 2009/03
  • 2009/02
  • 2009/01
  • 2008/12
  • 2008/11
  • 2008/10
  • 2008/09

    • Subscribe XML RSS Feed

    Sat, 06 Sep 2008

    /Admin/email/postfix: Impeding Spammers: Cap the SMTP E-mail Send Rate

    One name: postfix-policyd[1]. Awesome. And I am only using just one of its features to-date.

    I am not sure what the performance hit will be, because policyd is quite data intensive, and therefore is in fairly constant communication with MySQL. But this is an unavoidable nature of the beast.

    The feature I am using is "Sender-based Throttling", wherein I can restrict *anyone* (not just my own users) who connects to my SMTP server to sending no more then a specified number of messages into my server over a specified period of time (message rate - say max 10 msgs/hr, for instance) addressed to no more then a specific number of addressees per period (say max 100 addressees per hour, for instance). The same feature is also supposed to restrict message size, and bandwidth used (ie. MB per hour, for instance, per user) but I have not yet gotten this working.

    One caveat: webmail clients running on the same server do not use SMTP to send mail, they just use sendmail. So this method of restriction does not apply to webmail users (who are a *much* smaller spam problem...)

    One gotcha, that wasted several of my hours: I finally figured out that when I used StartTLS / SASL to send a message through SMTP, it was not being counted. This was caused by an order-of-parameters problem in /etc/postfix/main.cf. The postfix website[2] says main.cf should be configured as follows: 

    
 5 /etc/postfix/main.cf:
 6     smtpd_recipient_restrictions =
 7         ... 
 8         reject_unauth_destination 
 9         check_policy_service unix:private/policy
    which implied that check_policy_service should be the last item on the list. My current smtpd_recipient_restrictions list looks like this: 
    
smtpd_recipient_restrictions = 
   check_policy_service inet:127.0.0.1:10031
   permit_sasl_authenticated
   reject_unauth_destination
   reject_unlisted_recipient
    My problem was that before, permit_sasl_authenticated was at the top of the list, which meant that SASL authenticated e-mails were immediately accepted and NEVER PASSED to policyd. Move permit_sasl_authenticated below the check_policy_service and policyd gets to make its decision first.

    [1] http://www.policyd.org/
    [2] http://www.postfix.org/SMTPD_POLICY_README.html

    posted at: 02:08 | path: /Admin/email/postfix | permanent link to this entry