limit user to send mails

kropla

Member
Jan 28, 2021
Hello,
Yesterday I had a security issue on my mail server. Some user was trying to send 20k mails. I cancelled this operation after 6k mails, but I wonder whether it is possible that on Proxmox Mail Gateway (we use it in front, including for outgoing traffic) there will be some regulation of sending a lot of mail at the same time? Is it possible to hold these mails and notify the admin? Below are two random mails (I have bounced mails and delivered ones).

Code:
Jul 5 17:20:40 mx postfix/smtpd[12580]: connect from mail-sensor.external.domain[X.X.X.X]
Jul 5 17:20:40 mx postfix/smtpd[12580]: 3F566405B2: client=mail-sensor.external.domain[X.X.X.X]
Jul 5 17:20:40 mx postfix/cleanup[12606]: 3F566405B2: message-id=<20210705162034.367C38DA2E341361@sender.domain>
Jul 5 17:20:40 mx postfix/qmgr[945]: 3F566405B2: from=<some_user@sender.domain>, size=8033, nrcpt=1 (queue active)
Jul 5 17:20:40 mx postfix/smtpd[12580]: disconnect from mail-sensor.external.domain[X.X.X.X] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Jul 5 17:20:40 mx pmg-smtp-filter[12529]: 60F1B60E323484103B: new mail message-id=<20210705162034.367C38DA2E341361@sender.domain>#012
Jul 5 17:20:40 mx postfix/smtpd[12565]: connect from localhost.localdomain[127.0.0.1]
Jul 5 17:20:40 mx postfix/smtpd[12565]: 4F97940ACA: client=localhost.localdomain[127.0.0.1], orig_client=mail-sensor.external.domain[X.X.X.X]
Jul 5 17:20:40 mx postfix/cleanup[12560]: 4F97940ACA: message-id=<20210705162034.367C38DA2E341361@sender.domain>
Jul 5 17:20:40 mx postfix/qmgr[945]: 4F97940ACA: from=<some_user@sender.domain>, size=8236, nrcpt=1 (queue active)
Jul 5 17:20:40 mx postfix/smtpd[12565]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Jul 5 17:20:40 mx pmg-smtp-filter[12529]: 60F1B60E323484103B: accept mail to <a.basamad@bonnoncoffee.com> (4F97940ACA) (rule: default-accept)
Jul 5 17:20:40 mx pmg-smtp-filter[12529]: 60F1B60E323484103B: processing time: 0.066 seconds (0, 0.046, 0)
Jul 5 17:20:40 mx postfix/lmtp[12561]: 3F566405B2: to=<a.basamad@bonnoncoffee.com>, relay=127.0.0.1[127.0.0.1]:10023, delay=0.08, delays=0/0/0/0.07, dsn=2.5.0, status=sent (250 2.5.0 OK (60F1B60E323484103B))
Jul 5 17:20:40 mx postfix/qmgr[945]: 3F566405B2: removed
Jul 5 17:21:22 mx postfix/smtp[12613]: 4F97940ACA: to=<a.basamad@bonnoncoffee.com>, relay=mail.bonnoncoffee.com[160.153.54.128]:25, delay=42, delays=0.01/0.01/22/20, dsn=5.0.0, status=bounced (host mail.bonnoncoffee.com[160.153.54.128] said: 550 This is an Invalid Email Address ! (in reply to RCPT TO command))
Jul 5 17:21:22 mx postfix/qmgr[945]: 4F97940ACA: removed





Jul 5 17:25:12 mx postfix/smtpd[14913]: connect from mail-sensor.external.domain[X.X.X.X]
Jul 5 17:25:12 mx postfix/smtpd[14913]: EDC534304B: client=mail-sensor.external.domain[X.X.X.X]
Jul 5 17:25:12 mx postfix/cleanup[15092]: EDC534304B: message-id=<20210705162115.2CF04B7FFE3DA3DD@sender.domain>
Jul 5 17:25:12 mx postfix/smtpd[14913]: disconnect from mail-sensor.external.domain[X.X.X.X] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Jul 5 17:25:12 mx postfix/qmgr[945]: EDC534304B: from=<some_user@sender.domain>, size=7991, nrcpt=1 (queue active)
Jul 5 17:25:12 mx pmg-smtp-filter[15192]: 60F2560E32458F0BF0: new mail message-id=<20210705162115.2CF04B7FFE3DA3DD@sender.domain>#012
Jul 5 17:25:13 mx postfix/smtpd[14852]: connect from localhost.localdomain[127.0.0.1]
Jul 5 17:25:13 mx postfix/smtpd[14852]: 08A0C42F65: client=localhost.localdomain[127.0.0.1], orig_client=mail-sensor.external.domain[X.X.X.X]
Jul 5 17:25:13 mx postfix/cleanup[15093]: 08A0C42F65: message-id=<20210705162115.2CF04B7FFE3DA3DD@sender.domain>
Jul 5 17:25:13 mx postfix/qmgr[945]: 08A0C42F65: from=<some_user@sender.domain>, size=8190, nrcpt=1 (queue active)
Jul 5 17:25:13 mx postfix/smtpd[14852]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Jul 5 17:25:13 mx pmg-smtp-filter[15192]: 60F2560E32458F0BF0: accept mail to <adapres@adadarters.com> (08A0C42F65) (rule: default-accept)
Jul 5 17:25:13 mx pmg-smtp-filter[15192]: 60F2560E32458F0BF0: processing time: 0.059 seconds (0, 0.037, 0)
Jul 5 17:25:13 mx postfix/lmtp[14691]: EDC534304B: to=<adapres@adadarters.com>, relay=127.0.0.1[127.0.0.1]:10023, delay=0.07, delays=0.01/0/0.01/0.06, dsn=2.5.0, status=sent (250 2.5.0 OK (60F2560E32458F0BF0))
Jul 5 17:25:13 mx postfix/qmgr[945]: EDC534304B: removed
Jul 5 17:25:25 mx postfix/smtp[12668]: 08A0C42F65: to=<adapres@adadarters.com>, relay=mail.adadarters.com[67.20.113.97]:25, delay=13, delays=0.01/0/6.5/6.4, dsn=2.0.0, status=sent (250 OK id=1m0QTM-0037FK-T9)
Jul 5 17:25:25 mx postfix/qmgr[945]: 08A0C42F65: removed
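
An added example, not part of the original post: one way to spot this kind of burst from the log format shown above is to count queued messages per sender and submitting client in a sliding window, skipping the second queue ID that PMG creates when it re-injects filtered mail from 127.0.0.1. The function names, the default threshold of 10 mails per 300 seconds and the sample log are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# timestamp, postfix daemon, queue ID (short hex form, as in the thread), remainder
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)$")

def find_bursts(lines, limit=10, window_s=300, year=2021):
    """Return {(sender, client): peak} for pairs that exceed `limit` mails per window."""
    client_of = {}               # queue ID -> client that submitted it
    recent = defaultdict(deque)  # (sender, client) -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts, daemon, qid, rest = m.groups()
        if daemon == "smtpd" and rest.startswith("client="):
            client_of[qid] = rest.split(",")[0][len("client="):]
        elif daemon == "qmgr" and rest.startswith("from=<"):
            client = client_of.get(qid, "")
            # PMG re-injects filtered mail from 127.0.0.1 under a second queue ID;
            # count only the first hop so each message is counted once.
            if not client or client.endswith("[127.0.0.1]"):
                continue
            key = (rest[len("from=<"):rest.index(">")], client)
            # syslog lines carry no year; `year` is supplied by the caller
            when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
            q = recent[key]
            q.append(when)
            while when - q[0] > timedelta(seconds=window_s):
                q.popleft()
            if len(q) > limit:
                peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

def sample_log():
    """Constructed sample: 12 mails from one sender within a minute, each logged twice by PMG."""
    out = []
    for i in range(12):
        t = f"Jul  5 17:20:{i * 5:02d} mx postfix/"
        out += [
            f"{t}smtpd[100]: A{i:05X}: client=relay.example.test[192.0.2.10]",
            f"{t}qmgr[945]: A{i:05X}: from=<bulk@example.test>, size=8033, nrcpt=1 (queue active)",
            f"{t}smtpd[101]: B{i:05X}: client=localhost.localdomain[127.0.0.1]",
            f"{t}qmgr[945]: B{i:05X}: from=<bulk@example.test>, size=8236, nrcpt=1 (queue active)",
        ]
    return out
```

Calling `find_bursts(sample_log())` reports the constructed sender with a peak of 12, not 24, because the re-injected copies are ignored; the returned pairs can be fed to whatever alerting the admin already uses.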
 
Some user was trying to send 20k mails.
Did the user come from an IP in your configured trusted networks, or did the user send mail to one of your relay domains? (If not, please urgently review your configuration - you might be running an open relay.)

Else PMG does not have a limit per user - but the usual rate-limiting options of postfix are exposed in GUI->Configuration->Mail Proxy->Options:
smtpd_client_connection_count_limit, smtpd_client_connection_rate_limit, smtpd_client_message_rate_limit

See the postfix documentation:
http://www.postfix.org/postconf.5.html

I hope this helps!
 
All traffic was generated (to Proxmox) from the mail gateway ... so it was a trusted network ;/
 
Get the current postfwd3 download link from https://postfwd.org
You might also need to install some Perl modules, if missing (see the documentation at https://postfwd.org)

wget https://postfwd.org/postfwd-2.03.tar.gz
tar -xzvf postfwd-2.03.tar.gz
cp ./postfwd/sbin/postfwd3 /usr/local/bin/postfwd3
mkdir /etc/postfwd
cp ./postfwd/etc/postfwd.cf /etc/postfwd/postfwd.cf
groupadd postfwd
useradd -g postfwd -d /var/empty -s /bin/false -c "postfwd daemon user" postfwd
passwd -l postfwd
nano /etc/systemd/system/postfwd3.service

Code:
[Unit]
Description=Postfix firewall daemon

[Service]
Type=forking
ExecStart=/usr/local/bin/postfwd3 --summary=3600 --cache=600 \
    --cache-rbl-timeout=3600 --cleanup-requests=1200 --cleanup-rbls=1800 \
    --cleanup-rates=1200 --daemon --file=/etc/postfwd/postfwd.cf \
    --interface=127.0.0.1 --port=10045 --umask=112 \
    --pidfile=/var/run/postfwd.pid --logname=postfwd --user=postfwd \
    --group=postfwd

ExecStop=/usr/local/bin/postfwd3 --file=/etc/postfwd/postfwd.cf \
    --pidfile=/var/run/postfwd.pid --kill

ExecReload=/usr/local/bin/postfwd3 --file=/etc/postfwd/postfwd.cf \
    --pidfile=/var/run/postfwd.pid --reload

[Install]
WantedBy=multi-user.target

nano /etc/postfwd/postfwd.cf

Code:
id=throttle001
    client_name==unknown
    action=rate(client_address/10/300/450 4.7.1 only 10 recipients per 5 minutes allowed)

id=DEFAULT; action=DUNNO
 