DevHeads.net

ot: pre emptive throttling/limiting ?

I have a small server with several domains, always worry some dumb users'
account will get hacked and start spamming (including this dumb user,
like, my own forgotten test account got hacked....)

is it a good idea to put some limits or throttling 'just in case' ?

Postfix 2.11, average server usage is like:
Per-Day Traffic Summary

Comments

Re: ot: pre emptive throttling/limiting ?

By Scott Lambert at 05/25/2016 - 17:51

On Wed, May 25, 2016 at 08:18:23PM +1000, Voytek wrote:
Yes, it is always a good idea to have message send limits 'just in case'.

I use policyd2 and give users the ability to send 200 messages per hour
and 500 messages per 24 hours. 99.9% of my users are okay with those
limits and I haven't been blacklisted since. Then next 0.09% of users
are okay with me resetting their counters once or twice per year when
they send out class reunion mailings or some other rare legitimate mass
mailing.

My brother used his account from a hotspot once and got compromised.
So yes, I run the limits even on my personal mail server where I trust
everyone.