So one of my users had her password compromised, and her account was used to send spam. That annoyed my VPS provider, who’s blocked outgoing ports 25/465 until it’s resolved. OK, reset her password to something random, counsel her on password safety (and password managers), etc.
But what I’m wondering now is whether it’s possible to set a rate limit on outgoing emails, ideally on a per-account basis. Or at least, to set up warnings to admin at a certain mail volume. I recall SME having a contrib that did the latter, but I’m not seeing anything for Neth–is it there?
A rate limit on a per account basis would be very useful. Could this be added to the nethserver-rspamd module? https://rspamd.com/doc/modules/ratelimit.html
Maybe other handy extra’s?
Fail2ban blocks emails, even if the user’s authenticated? I hadn’t expected that. Not that I think it’s a bad thing necessarily, but it doesn’t seem like it fits with the “Fail2” part of “Fail2ban”.
Does rspamd, in its default Neth configuration, scan/limit/reject outgoing mail? Because if so, I’d expect it to have caught the problem.
if the IP does the user belong send more than 100 emails per ten minutes then it is banned during X minutes, you can disabled the postfix-sasl-abuse if you do not want it