Yahoo Groups archive

Milter-greylist

Reject instead of deferring for local sendmail

2014-11-26 by Georgi Petrov

Hello,

We are experimenting with rate limiting the outgoing mails. Basically this prevents hacked email accounts and hacked websites from sending spam. Currently we have the following configuration in the greylist:

# Whitelist root - this is for all system messages, etc.
racl whitelist from root@...

# Outgoing Mail Rate Limit - 50 messages for 30 minutes
ratelimit "outgoing_mail_limit" rcpt 50 / 30m key "%f"
racl greylist from /.*/ ratelimit "outgoing_mail_limit" delay 31m autowhite 0m msg "Message quota exceeded"
racl whitelist default

It works as expected, any mail over the limit is rejected with "Message quota exceeded" message for SMTP clients (like Thunderbird, etc.).

The problem is, if the message is sent through PHP mail() function (using the local sendmail program) it is not rejected, but deferred (goes in the queue) (fragment from the mail log, actual addresses are replaced):

milter-greylist: ratelimit overflow for class outgoing_mail_limit: 19187, limit is 50 recipients / 1800 sec, key = "user@..."
milter-greylist: 4141D1C67C57: addr localhost[127.0.0.1] from user@....com to user@... delayed for 00:19:46 (ACL 73)
postfix/cleanup[25357]: 4141D1C67C57: milter-reject: RCPT from localhost[127.0.0.1]: 4.7.1 Message quota exceeded; from=<user@...in.com> to=<user@otherserver.com>
postfix/cleanup[25357]: warning: 4141D1C67C57: milter configuration error: can't reject recipient in non-smtpd(8) submission
postfix/cleanup[25357]: warning: 4141D1C67C57: deferring delivery of this message

This is basically what happens when a website is hacked and hundreds of email messages are sent through a PHP script. So milter-greylist actually stops them from being sent, but unfortunately they fill up the queue. This then creates other problems (I/O load, unable to queue other messages, etc.) so it is like half solution.

Is there a way we can reject or drop instead of deferring any message over the queue even for non smtpd submission (when sent through PHP mail or local sendmail)?

Thanks a lot for your suggestions and help!

Georgi

Re: [milter-greylist] Reject instead of deferring for local sendmail

2014-11-26 by Emmanuel Dreyfus

On Wed, Nov 26, 2014 at 12:15:47PM +0200, Georgi Petrov georgi.petrov@... [milter-greylist] wrote:
> Is there a way we can reject or drop instead of deferring any message over
> the queue even for non smtpd submission (when sent through PHP mail or
> local sendmail)?

Why don't you use racl blacklist for rate limit?

-- 
Emmanuel Dreyfus
manu@...

Re: [milter-greylist] Reject instead of deferring for local sendmail

2014-11-26 by Georgi Petrov

Well, here is the same with racl blacklist:

milter-greylist: ratelimit overflow for class outgoing_mail_limit: 13, limit is 3 recipients / 300 sec, key = "user@..."
milter-greylist: 4534E1E2D7E: addr localhost[127.0.0.1] from user@... to otheruser@... blacklisted (ACL 157)
postfix/cleanup[3021]: 4534E1E2D7E: milter-reject: RCPT from localhost[127.0.0.1]: 5.7.1 Message quota exceeded; from=<user@...> to=<otheruser@...>
postfix/cleanup[3021]: warning: 4534E1E2D7E: milter configuration error: can't reject recipient in non-smtpd(8) submission
postfix/cleanup[3021]: warning: 4534E1E2D7E: deferring delivery of this message

The message is deferred and not rejected again, also the messages stay in the queue forever (if we use greylist the messages are sent when the user drops under the limit).

Georgi

Re: [milter-greylist] Reject instead of deferring for local sendmail

2014-11-26 by Georgi Petrov

OK, it looks like it is a limitation of Postfix:

"This generally works as expected, with only one exception: non-SMTP filters must not REJECT or TEMPFAIL simulated RCPT TO commands. When a non_smtpd_milters application REJECTs or TEMPFAILs a recipient, Postfix will report a configuration error, and mail will stay in the queue."

Here: http://www.postfix.org/MILTER_README.html

Basically we cannot just reject the emails sent via the local sendmail program. We could only add something to the header of the message, like the maximum spam score (I don't know if this is possible with milter-greylist) and then somehow set Postfix to drop all outgoing messages with high spam score before accepting them to the queue (the cleanup process)... any ideas?

Georgi
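
Added example, not part of the original thread: a Python sketch that scans a Postfix log for the pattern shown in the fragments above, where cleanup(8) logs a milter-reject for a local submission and then the "can't reject recipient in non-smtpd(8) submission" warning, and groups the stuck queue IDs by envelope sender. The sample log, addresses, queue IDs and function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log fragments quoted in the thread
# (addresses and queue IDs are made up). The smtpd line is an SMTP client
# rejection, which Postfix handles normally and which must not be flagged.
SAMPLE_LOG = """\
postfix/cleanup[3021]: 1A2B3C4D5E6F: milter-reject: RCPT from localhost[127.0.0.1]: 5.7.1 Message quota exceeded; from=<www@web1.example> to=<a@dest.example>
postfix/cleanup[3021]: warning: 1A2B3C4D5E6F: milter configuration error: can't reject recipient in non-smtpd(8) submission
postfix/cleanup[3021]: warning: 1A2B3C4D5E6F: deferring delivery of this message
postfix/smtpd[3100]: NOQUEUE: milter-reject: RCPT from client.example[192.0.2.7]: 5.7.1 Message quota exceeded; from=<bob@web1.example> to=<c@dest.example>
postfix/cleanup[3044]: 0F9E8D7C6B5A: milter-reject: RCPT from localhost[127.0.0.1]: 4.7.1 Message quota exceeded; from=<www@web1.example> to=<b@dest.example>
postfix/cleanup[3044]: warning: 0F9E8D7C6B5A: milter configuration error: can't reject recipient in non-smtpd(8) submission
"""

# milter-reject logged by cleanup(8), i.e. a non-smtpd (local sendmail) submission
REJECT = re.compile(
    r"postfix/cleanup\[\d+\]: (?P<qid>[0-9A-Za-z]+): milter-reject: RCPT from \S+ "
    r"(?P<code>\d\.\d\.\d) .*?from=<(?P<sender>[^>]*)>"
)
# the warning Postfix emits when it cannot honour that reject
STUCK = re.compile(
    r"postfix/cleanup\[\d+\]: warning: (?P<qid>[0-9A-Za-z]+): milter configuration "
    r"error: can't reject recipient in non-smtpd\(8\) submission"
)

def stuck_by_sender(log_text):
    """Map envelope sender -> [(queue ID, status code)] for messages left in the queue."""
    rejected = {}  # queue ID -> (sender, status code) taken from the milter-reject line
    stuck = defaultdict(list)
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            rejected[m["qid"]] = (m["sender"], m["code"])
            continue
        m = STUCK.search(line)
        if m and m["qid"] in rejected:
            sender, code = rejected[m["qid"]]
            stuck[sender].append((m["qid"], code))
    return dict(stuck)

if __name__ == "__main__":
    for sender, msgs in stuck_by_sender(SAMPLE_LOG).items():
        print(sender, len(msgs), "stuck:", ", ".join(q for q, _ in msgs))
```

The queue IDs it returns can be inspected with postcat -q and removed with postsuper -d.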


Re: [milter-greylist] Reject instead of deferring for local sendmail

2014-11-26 by Emmanuel Dreyfus

On Wed, Nov 26, 2014 at 04:56:31PM +0200, Georgi Petrov georgi.petrov@... [milter-greylist] wrote:
> Basically we cannot just reject the emails sent via the local sendmail
> program. We could only add something to the header of the message, like the
> maximum spam score (I don't know if this is possible with milter-greylist)

Yes, you can add a header using the addhdr clause, IIRC.

-- 
Emmanuel Dreyfus
manu@...

Re: [milter-greylist] Reject instead of deferring for local sendmail

2014-11-26 by Florin Grosu

Hello everybody,

I didn't know you can do this with greylist, I'll take a look at it, I'm interested too. And if I may suggest, there are some alternative solutions for the outgoing rate limiting: policyd aka cluebringer for postfix (http://wiki.policyd.org/accounting) and a couple of milters rate-limit for sendmail (https://www.milter.org/milter/103 which works now also with postfix, or https://metacpan.org/pod/distribution/App-Milter-Limit/bin/milter-limit). These solutions are pretty much efficient, although you have to add an "extra-layer" to your e-mail system.

Regards,
Florin

 