Topic: Throttle not working
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.0
- Deployed with iRedMail Easy or the downloadable installer? dl
- Linux/BSD distribution name and version: Centos7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Outbound throttle is set to 300 per day for the domain, and 50 per day in the global settings.
I have tested, and the throttle seems to work properly for users that exist.
It seems that a user on the network got a virus, and started blasting spam with a from address of hostmastern@domain.com (this does not exist as a user on the system)
This was not throttled:
Top Senders
1173 hostmastern@domain.com
88 otheruser@domain.com
Two questions:
Why did the throttle setting not catch this?
Why did the system allow sending from a user that doesn't exist
Here is the log from one send:
Jan 7 09:42:03 mail postfix/10025/smtpd[11454]: 0E88541D5FAD: client=localhost[127.0.0.1]
Jan 7 09:42:03 mail postfix/cleanup[32145]: 0E88541D5FAD: message-id=<20200107063048.AD749BE964AD42C0@domain.com>
Jan 7 09:42:03 mail amavis[29518]: (29518-15) 6AlYMPg2WWLB FWD from <hostmastern@domain.com> -> <puchogema@hotmail.com>, BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 0E88541D5FAD
Jan 7 09:42:03 mail amavis[29518]: (29518-15) Passed CLEAN {RelayedInternal}, ORIGINATING LOCAL [IP redacted]:47718 [IP redacted] <hostmastern@domain.com> -> <puchogema@hotmail.com>, Queue-ID: 164FB24C3455, Message-ID: <20200107063048.AD749BE964AD42C0@domain.com>, mail_id: 6AlYMPg2WWLB, Hits: 2.949, size: 34352, queued_as: 0E88541D5FAD, dkim_new=dkim:domain.com, 1843 ms, Tests: [BAYES_50=0.8,DYN_RDNS_AND_INLINE_IMAGE=1.168,FILL_THIS_FORM=0.001,RDNS_DYNAMIC=0.982,SPF_HELO_PASS=-0.001,SPF_PASS=-0.001]
Jan 7 09:42:03 mail amavis[29518]: (29518-15) Passed CLEAN, <hostmastern@domain.com> -> <puchogema@hotmail.com>, Hits: 2.949, tag=-100, tag2=6, kill=12, queued_as: 0E88541D5FAD, L/Y/0/0
Jan 7 09:42:03 mail postfix/amavis/smtp[1125]: 164FB24C3455: to=<puchogema@hotmail.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=114, delays=98/14/0.02/1.8, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 0E88541D5FAD)
Jan 7 09:42:03 mail postfix/qmgr[3358]: 0E88541D5FAD: from=<hostmastern@domain.com>, size=35683, nrcpt=1 (queue active)
Jan 7 09:42:03 mail postfix/smtp[2517]: 0E88541D5FAD: to=<puchogema@hotmail.com>, relay=hotmail-com.olc.protection.outlook.com[104.47.38.33]:25, delay=0.97, delays=0.22/0.12/0.23/0.39, dsn=2.6.0, status=sent (250 2.6.0 <20200107063048.AD749BE964AD42C0@domain.com> [InternalId=67061619403241, Hostname=BL2NAM02HT239.eop-nam02.prod.protection.outlook.com] 43443 bytes in 0.243, 174.131 KB/sec Queued mail for delivery -> 250 2.1.5)
Jan 7 09:42:03 mail postfix/qmgr[3358]: 0E88541D5FAD: removed
----
Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.