1

Topic: Need help on Catching Spam issues

Hi

We have
iRedMail     v0.9.5
iRedAdmin-Pro     v2.4.1 (MySQL)

with more than 1K users / 600 domains.

Lots of them have weak passwords and get hacked from time to time. What I'm looking for is a system that could use throttling logic, but instead of blocking sending, would inform me by email that a user is sending too many mails. Is this somehow doable?

PS - This feature would be good to have as a per-server setting (so I don't need to set it on each account) - something like: if any account sent more than 500 emails per day, I should get an email.

Hope it's doable,
Thanks.


2

Re: Need help on Catching Spam issues

With that amount of users and domains you should probably be looking at https://www.splunk.com/en_us/products/p … ence.html.

3

Re: Need help on Catching Spam issues

bigweb wrote:

but instead of blocked sending - would inform me by email that user is sending too many mails. Is this somehow doable?

This is not implemented in iRedAPD yet, but it's possible with some iRedAPD hacking.

4

Re: Need help on Catching Spam issues

How can one detect how many emails are being sent by user? I see that the daily amount is displayed on the dashboard screen so I presume it is possible to write an SQL script to do such.

5

Re: Need help on Catching Spam issues

jpforte wrote:

How can one detect how many emails are being sent by user?

If you have throttling enabled in iRedAPD, iRedAPD will log sent and/or received email info in SQL table "iredapd.throttle_tracking".

6

Re: Need help on Catching Spam issues

I have devised a script to read /var/log/iredapd/iredapd.log to look for email sent to external sources and it gives a list of mail sent. I filtered out the local domain.

-------
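#!/bin/bash
# Count matching RCPT log entries per address for one day and print the
# addresses whose count is at or above LIMIT.
# LIMIT and DATE1 can be set in the environment to override the defaults.

LOGFILE=/var/log/iredapd/iredapd.log
PGM=$(basename "$0")
# mktemp creates the file safely; a fixed /tmp/$PGM-$$ name is predictable
TMPFILE=$(mktemp "/tmp/$PGM.XXXXXX") || exit 1
trap 'rm -f "$TMPFILE"' EXIT
TODAY=$(date +%Y-%m-%d)
[ -n "$LIMIT" ] || LIMIT=10
[ -n "$DATE1" ] || DATE1=$TODAY

# Dots in the domain names are escaped so they match literally.
awk -v day="$DATE1" '
    $1 == day && $8 ~ /60north\.net/ && $5 ~ /RCPT/ && $6 !~ /60north\.net/ &&
    $8 !~ /magna\.net/ && $6 !~ /bounces/ { print $8 }
' "$LOGFILE" |
    sort     |
    uniq -c  |
    sort -n  > "$TMPFILE"

# Keep only the entries at or above the limit
PROBLEMS=$(awk -v limit="$LIMIT" '$1 >= limit' "$TMPFILE")

if [ -n "$PROBLEMS" ]
then
    echo "$PROBLEMS"
fi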
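
The alert-instead-of-block behaviour asked for at the top of the thread, sketched as an added example (not code from any poster or from iRedAPD): it counts external recipients per local sender for one day and builds a message body only when an account reaches the limit. The log layout in the first comment, the function names and the sample addresses are assumptions; adjust the field numbers to match your own iredapd.log.

```shell
#!/bin/bash
# Assumed layout, one log line per recipient:
#   DATE TIME LEVEL [CLIENT_IP] RCPT, SENDER -> RECIPIENT, ACTION

# count_external DAY LOCAL_DOMAIN   (log on stdin)
# Prints "COUNT SENDER" for local senders mailing non-local recipients on DAY.
count_external() {
    awk -v day="$1" -v dom="$2" '
        function domain(addr) { sub(/,$/, "", addr); sub(/^.*@/, "", addr); return tolower(addr) }
        $1 == day && $5 == "RCPT," && $7 == "->" {
            # exact domain comparison, so "example.com.evil.test" is not treated as local
            if (domain($6) == dom && domain($8) != dom) n[tolower($6)]++
        }
        END { for (s in n) print n[s], s }' | sort -rn
}

# over_limit LIMIT   ("COUNT SENDER" on stdin): keep rows at or above LIMIT
over_limit() { awk -v limit="$1" '$1 + 0 >= limit + 0'; }

# alert_body DAY LIMIT   (offenders on stdin): message text, empty if none
alert_body() {
    local rows
    rows=$(cat)
    [ -n "$rows" ] || return 0
    printf 'Accounts at or above %s external recipients on %s:\n%s\n' "$2" "$1" "$rows"
}

# Constructed sample log; addresses and IPs are placeholders.
sample_log() {
cat <<'EOF'
2017-03-01 09:00:01 INFO [198.51.100.7] RCPT, alice@example.com -> a@remote.test, DUNNO
2017-03-01 09:00:02 INFO [198.51.100.7] RCPT, alice@example.com -> b@remote.test, DUNNO
2017-03-01 09:00:03 INFO [198.51.100.7] RCPT, Alice@example.com -> c@other.test, DUNNO
2017-03-01 09:01:00 INFO [198.51.100.7] RCPT, alice@example.com -> bob@example.com, DUNNO
2017-03-01 09:02:00 INFO [192.0.2.10] RCPT, bob@example.com -> x@remote.test, DUNNO
2017-03-01 09:03:00 INFO [203.0.113.9] RCPT, news@remote.test -> bob@example.com, DUNNO
2017-02-28 23:59:00 INFO [198.51.100.7] RCPT, alice@example.com -> d@remote.test, DUNNO
EOF
}

# report DAY LIMIT: run the whole pipeline over the sample log
report() {
    sample_log | count_external "$1" example.com | over_limit "$2" | alert_body "$1" "$2"
}
```

On a real server, feed the log file to count_external instead of sample_log, run it from cron, and hand a non-empty body to your mailer.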