Send a notification when a user sends more than 20 mails,

S

StaticOne123

New Member
Apr 19, 2023
4
0
1
I recently had a compromised mailbox, spammer, that went unnoticed.
I had a rule for outgoing spam mail, level 5 spam, to send to quarantine and notify
The spammer didn't trip this outgoing mail rule. Eventhough he was sending 1000+ mails with multiple recepients..
All the mails that he sent were delivered, some ( 1000+ more ) went to deferred mails, i guess waiting for queue there.
I disabled his mailbox, and his AD account but he was still sending mails until i flushed the deferred mails.
I want to be able to receive a notification, once a user sends more than 20 mails a day, or sends a mail to more than 40+ recipients, Since this seems like the best defending against spam.
Or maybe i should lower my outgoing spam level ( it is 5, maybe lower it to 3, eventhough i had a lot of false positives when it was set to 3 before )
If its needed i can open a case also.
Thanks
 
Last edited:
there is no such feature built in, and i don't believe we'll implement something like this (too many ways this can falsely trigger)

instead, check if there is some postfix configuration that suits your needs: e.g. https://www.postfix.org/postconf.5.html#smtpd_recipient_limit

also i think reducing the spamlevel in your outbound filtering is the way to go (with that tuning, you make sure only 'bad' mails are blocked)

can you post the log of such a mail (especially the spamscores)? maybe we can give more tips based on that
 
When you say log you mean the info that i get when i press the + on the tracking center mail?
If so, there is no spam level, only basic info like to who was it sent, from who, message id and size=4664, nrcpt=50 (queue active), and at the end there is line edgeserver postfix/qmgr[377377]: B9FDBE1618: removed, there is no mention of spam score.
I forgot to mention, that after some time, proxmox blocked 100+ mails, marking it as spam level 5, and sent to quarantine, but other 1000+ mails went out.
Too bad there is no such option, is there any other way to configure something from gui so this won't happen in the future, or at least notify me?
 
StaticOne123 said:
If so, there is no spam level, only basic info like to who was it sent, from who, message id and size=4664, nrcpt=50 (queue active), and at the end there is line edgeserver postfix/qmgr[377377]: B9FDBE1618: removed, there is no mention of spam score.
Click to expand...
are you sure you scan the mails for spam in the outgoing direction? can you post your rule system?

StaticOne123 said:
Too bad there is no such option, is there any other way to configure something from gui so this won't happen in the future, or at least notify me?
Click to expand...
no there's no such option currently
 
ok looks fine, but then there should always be spaminfo in the logs.. can you maybe post the log of such a mail?
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom