Maximum amount of emails per user and server per hour

[Richard G]

I mis a nice option in DA, which I found in Cpanel.

In DA it says you can setup a limit per DA user per day. But a day is very long.
Some users might send more emails, some less.

In cpanel this can be setup on a per hour base.
Max hourly emails per domain

Or a bit more per account/domain.
Maximum Hourly Email by Domain Relayed
Maximum percentage of failed or deferred messages a domain may send per hour

It can be done per account by Modify account.

This is great stuff to block spammers at least for a great part, for abusing hacked accounts or leaking scripts.

I administer such server and after a while you know how many domains you have and what the email traffic is.
If you set the max per hour on 3000 for the complete server that is already a lot. Spammers mostly work list which go way more then that. This is a serverwide setting so great to catch leak scripts.

The option to choose per account is also very nice. Everything more then an x amount will get blocked or maybe in the queue for the next hour. Nice for hacked accounts.
For example 300 is nice. Which is already an email ever 0.2 second.

In this time a lot can be done if something goes wrong, by the system administrator.

If you only use a per day option like DA does now. To think about my example 300x24=7200 so you see the difference in mails which will get out before DA stops the queue? The more harm is done?

That's why it would be nice to have per hour options for both server (mails going out as nobody) als also per DA user account.

 

[nobaloney]

For me DirectAdmin stops sending emails when it hits the daily limit; it doesn't wait until the end of the day. How are you setting the limit?

Jeff

 

[Richard G]

That is correct Jeff... But what I wrote is that a daily limit is much higher then an hourly limit. It doesn't matter if that takes a day, an hour or 5 minutes. People should be able to send enough mails out per day, so you set your daily limit much higher then you would do when using an hourly minute.

So if an account is abused, many more emails are send out compared to an hourly limit.

See my example. Suppose we have a user with an hourly limit of 500.
The daily limit would be in this case 500x24=12000.
So DA would stop the mails if the limit of 12000 is reached, even if this is within a half hour.

But still 12000 spam emails have gone out. With the hourly limit, this would only be maximum 500 emails. That's a significant difference.
Bigger accounts you could set to a higher limit.

 

[Richard G]

Just got another one.
A user which has a webshop with a big mailinglist, he sends out about 5000 emails in an hour when he starts sending. This could happen twice a day. We want to allow that to him only.
Our other users don't, so we would like to limit them by 500 mails an hour, not by 10000 mails a day.

Hourly restriction is really better then daily restriction.
And an addition of a max that scripts (like php's mailfunction) could send out per hour would be nice too.

 

[zEitEr]

We've implemented individual hourly and daily limits much more before it was done in directadmin exim.conf/exim.pl
So if you want it you can easily do the same or hire somebody to do it for you.

 

[Richard G]

It's a suggestion to put it in Directadmin.
But if you know a way I would gladly would like to know how it's done, or a few tips about it.

 

[zEitEr]

All what you might need is already there in exim.pl. So if you know PERL (even if you can only read it) then it's piece of a cake.
Extra you'll need separate files where you write global hourly limits and individual limits, files where you write usage stats, and some code modification in /etc/exim.pl

 

[Richard G]

Thank you!

However I still also keep this suggestion open to put this hourly option in DA itself so everybody can benefit, it's still better then daily limits.

 

[DirectAdmin Support]

Hello,

Thanks for this feature request.

At this time, it is just a daily limit, as we all know.

There is a feature for per-email per day:
http://www.directadmin.com/features.php?id=1246

but is not a per-hour feature.

---

However, with the way that our tally system works.. if you want to increase the frequency of the tallies, this can accomplish nearly the same thing.
http://help.directadmin.com/item.php?id=48

I wouldn't run it every hour though (depending on your setup)... perhaps 4 times a day would be more reasonable, and would get you much closer to your per-hour goal.

For example, if the limit is set to 100 per day no, when you run the tally 4 times a day (Every 6 hours), the limits will then turn into 100 emails per 6 hours.

You can adjust the tally frequency as best suited to your system... faster boxes with less data to process will be able to have more tallies than say a slower box with more data.

John

 

[Richard G]

Welll maybe in the future we will have a per hour option like cpanel has for accounts and per day for php mail.
Indeed at the moment there is the daily limit.

Until then (or when the request will not be granted) we can use the method described by you.
Thank you for pointing to this method and explaining it!

 

[Jan_E]

Tally for reset mail count only

However, with the way that our tally system works.. if you want to increase the frequency of the tallies, this can accomplish nearly the same thing.
http://help.directadmin.com/item.php?id=48

Is there a tally command to reset the email count without running a full tally? I was hoping this would work:

echo 'action=quotatally&value=all' >> /usr/local/directadmin/data/task.queue

which I derived from http://www.directadmin.com/features.php?id=704 but that does not seem to work.

 

[IT_Architect]

Well...catching this kind of a problem before your E-mail server gets blacklisted is certainly a requirement of the hosting industry. Anyone who has had an E-mail server blacklisted knows one of the first questions asked when clearing a server is, "Have you implemented a system to where this won't happen again?" I've tried volume-based triggers for various things. They sounded good but haven't been because we as admins are in no position to predict what volume constitutes spamming, so what ends up happening is we set the volume high to prevent driving the customer nuts, and the spammers know how to stay under the radar. The effect of Greylisting needs to be taken into consideration in the solution as well. Something based on bad E-mail addresses probably could effectively disambiguate a legitimate mail traffic from a spam bot as that is normally how we find the source of the problem. You may be able to also employ the same concept to reject spam as well by blacklisting E-mail servers that send tons of stuff to users at your company that don't exist.

 

[IT_Architect]

One of the things I see nowhere is the ability to limit mailbox users to x number of E-Mails per day. I see a setting for megs, but not the number or E-Mails. Megs isn't useful. People often send large files, such as for CAD or product updates. SPAM E-Mails are typically small anyway. A DA user could represent anywhere from 1 to 50 mailbox users or more, across multiple domains. For a user with 50 mail users, 200 e-mails would be 4 e-mails a day for each mailbox. Therefore, the limitation on the number of E-Mails needs to be at the mailbox level. That also means the entire domain(s) doesn't get blocked, only the one user who has been hacked. At that point you also know exactly which mailbox user has the problem, because you would receive an E-Mail telling you.

 

[DirectAdmin Support]

Just need to turn it on:
http://help.directadmin.com/item.php?id=514

May turn it on by default in the future.
Also needs a new exim.pl (at the time of this post, exim.pl version 15 is the newest)

John

 

[IT_Architect]

Just need to turn it on:
http://help.directadmin.com/item.php?id=514John

Perfect! That's exactly what I need. One thing we have no control over is if the E-Mail account holders connect to the E-Mail servers securely. If they don't, then they get hacked at hotspots. It would be good if the admin and the account holder would get an E-Mail when they exceed their limit. I like the idea of a global limit and a default limit that a user can change per mailbox up the the global limit. The megs limit at the local level can just go away, or add outgoing per day.

Thanks TONS for chiming in.

 

[DirectAdmin Support]

1) As long as you have the latest exim.pl and DA, both the User, and the Admin will get a DA message within 60 seconds of the limit being reached.

2) As for the secure connections, I was going to redirect you to this thread... but.. you wrote it
http://forum.directadmin.com/showthread.php?t=43500

John

 

[IT_Architect]

Hmm. I just put in the latest exim.pl, implemented what was in http://help.directadmin.com/item.php?id=514, set user_limit to 5, restarted Exim, sent an e-mail, and resent 6 more times, and it didn't complain. All E-Mails went through.

 

[DirectAdmin Support]

How about the 7th? There might be an off-by-one error in there.

Related files:
/etc/virtual/domain.com/limit/user
/etc/virtual/domain.com/usage/user

John

 

[IT_Architect]

How about the 7th? There might be an off-by-one error in there.

I set /etc/virtual/limit to 200
I set /etc/virtual/user_limit to 2
Restarted Exim
I sent 7 messages to a different domain and mailbox without being blocked.

Related files:
/etc/virtual/domain.com/limit/user
/etc/virtual/domain.com/usage/user
John

Neither ./limit nor ./usage directories exist.

 

[DirectAdmin Support]

I'm guessing the test "to" address is local, which won't be counted.
Make sure you're testing to external addresses, as the count only applies when a dns lookup is done (exim.conf lookuphost, the check_limits perl subroutine)

John