blacklist and throttling
Idea shared by Sabatino - 3/25/2022 at 4:21 PM
I ended up on a blocklist. Problem solved quickly, it happens unfortunately.

I use throttling set to delay at 200 messages/hour as a standard setting for all users.

Unfortunately, a user's password was stolen, and before I could intervene the damage was done.

In addition, I think I will change the approach: I will set throttling to reject, setting it to delay only for users who request it and after appropriate evaluation.

However, I realized some things:

1) When cases like the one described happen, they usually do SMTP auth using the user whose password they stole and then start sending emails with different senders to different recipients

2) They increase the messages to Unknown Users

Would it not be appropriate to intercept these two events?

For example, a smarter throttle that goes from delay to reject, or that requires admin approval when a situation like the one described occurs?

4 Replies

I also got blacklisted, same thing, an account was hijacked.
The throttle didn't work for me either.
Also, I think if you set reject, it will still fill the outgoing queue with emails. I had thousands to remove; it was a very frustrating task.

It would be nice if we could also set a send limit per account per day. This has worked extremely well for me in the past, and I haven't been on a blacklist before this in over 10 years.

Hope you were able to get removed from any blacklists, I know how difficult it can be.

Removal was quick and easy. We noticed the problem almost immediately. So there was little damage.
Now I have set throttling to reject, allowing delay only for those who request it.

Of course we could do better if SmarterMail's developers gave us some help :-)

I was doing research on the net, and UCEPROTECT itself, for example, suggests monitoring the user's undeliverable emails. It is in fact very unlikely that a single user exceeds a certain threshold/hour of undeliverable emails.
It would be enough to have a sort of automatism available to block the account.
I did not understand if you think a function like the one described is not very useful or if it is simply not interesting because you use external gateways.
Thank you

Agreed, I'm sure it would be useful, because I did have the delayed action in place, but I still got blacklisted. It took a few days to get off the lists, and lots of users were complaining about mail being rejected. So, if there are additional ways as you suggested, I think that makes sense to me; there are usually many undeliverable emails when an account is compromised. I have also set an action for user throttled and high spool count. Hope this helps in future.
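
The two signals raised in this thread (many different sender addresses behind one authenticated account, and a burst of undeliverable mail per user per hour) can be checked with a small script over delivery events. This is an added example, not part of the original posts and not a SmarterMail feature; the event tuple layout, thresholds and function names are assumptions, and the sample data is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)
MAX_SENDERS = 3   # assumed threshold: distinct MAIL FROM addresses per hour
MAX_UNKNOWN = 5   # assumed threshold: "unknown user" rejections per hour

def evaluate(events, max_senders=MAX_SENDERS, max_unknown=MAX_UNKNOWN):
    """Return {auth_user: (time_flagged, reason)} for accounts to block.

    events: time-sorted (iso_time, auth_user, mail_from, smtp_status) tuples
    (hypothetical layout); smtp_status is the remote reply for the recipient,
    e.g. "250" or "550 5.1.1" (mailbox does not exist).
    """
    recent = defaultdict(deque)   # auth_user -> events inside the window
    flagged = {}
    for iso_time, user, mail_from, status in events:
        if user in flagged:
            continue              # stays blocked until an admin reviews it
        now = datetime.fromisoformat(iso_time)
        window = recent[user]
        window.append((now, mail_from.lower(), status))
        while now - window[0][0] > WINDOW:
            window.popleft()      # drop events older than one hour
        senders = {sender for _, sender, _ in window}
        unknown = sum(1 for _, _, st in window if st.startswith("550 5.1.1"))
        if len(senders) > max_senders:
            flagged[user] = (iso_time, f"{len(senders)} distinct senders in 1h")
        elif unknown > max_unknown:
            flagged[user] = (iso_time, f"{unknown} unknown-user rejections in 1h")
    return flagged

def sample_events():
    """Constructed sample data, not real logs."""
    ev = []
    for m in range(6):        # bob: a new forged sender every minute
        ev.append((f"2022-03-25T10:{m:02d}:00", "bob@example.com",
                   f"promo{m}@example.net", "250"))
    for m in range(7):        # carol: own address, recipients do not exist
        ev.append((f"2022-03-25T11:{m:02d}:00", "carol@example.com",
                   "carol@example.com", "550 5.1.1"))
    for h in range(12, 19):   # dave: one bounce per hour, never a burst
        ev.append((f"2022-03-25T{h}:00:00", "dave@example.com",
                   "dave@example.com", "550 5.1.1"))
    return ev

if __name__ == "__main__":
    for user, (when, reason) in evaluate(sample_events()).items():
        print(f"BLOCK {user} at {when}: {reason}")
```

Flagged accounts stay flagged for the rest of the run, which models the "requires admin approval" behaviour asked for above rather than an automatic release after the hour.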
