 | Start a set with this search |
 | Include this search in one of my sets |
 | Exclude this search from one of my sets |
 | Permalink to these results Paste this link in email or IM: |
 | Atom feed for tracking future search results Paste this URL into your reader: |
6 messages in net.sourceforge.lists.courier-usersRE: [courier-users] Limit sending mai...| From | Sent On | Attachments |
|---|---|---|
| Peter Holm | May 20, 2004 12:28 pm | |
| David Gomillion | May 20, 2004 1:32 pm | |
| Eduardo Roldan | May 20, 2004 1:47 pm | |
| Mitch (WebCob) | May 20, 2004 1:51 pm | |
| Gordon Messmer | May 20, 2004 2:31 pm | |
| Malcolm Weir | May 20, 2004 3:11 pm |
| Permalink for this message Paste this link in email or IM: |
| Permalink for this thread Paste this link in email or IM: |
| Atom feed for this thread Paste this URL into your reader: |
| Subject: | RE: [courier-users] Limit sending mails to 1 per minute / user? Stupid idea? | Actions... |
|---|---|---|
| From: | Malcolm Weir (ma...@gelt.org) | |
| Date: | May 20, 2004 3:11:48 pm | |
| List: | net.sourceforge.lists.courier-users | |
-----Original Message----- From: David Gomillion Sent: Thursday, May 20, 2004 1:33 PM
Peter Holm said:
is it an unrealistic or unintelligent approach to limit the amount of mail that can be sent with a server?
Limiting the possibility to send mail to only once per minute looks to me like a very userfriendly AND abuse-preventing restriction, that could save many admins lots of trouble.
[snip]
My first concern is how you're going to handle people going over 1 per minute. The way I see it, you have 2 choices: queue it up or throw it out.
1. Queue it up: this means that if someone DOES try to spam through your server, your FS is going to get full, the queue will get clogged, and your wife/girlfriend/husband/boyfriend/whatever will leave you :) But in all seriousness, it seems like it could have to potential to get really bad.
2. Throw it out: either you are silently discarding mail, so that people get confused when they don't get the mail they sent to themselves or family members, OR, you are having to generate and deliver a TON of DSNs. Neither one seems to be very good. If it is a real spammer, you want to throw it out, as nobody will miss it; however, if it is a real user who had Outlook queue the mail to be sent while he was on an airplane, and you throw away his email to his boss, he may be looking for a new email provider very soon. But if it is a SPAMmer and you end up generating DSNs, you would give yourself a DoS attack in the process.
Errr... There's also the "Don't let it in" option: if a user exceeds their quota, generate an error instead of a "2xx" message, just as if a DNS failure occurs during a multi-message SMTP dialog.
I think if you are going to impose rate limits, you probably ought to consider the idea of having "permissible overdrafts". So if the rate is 1 per minute, you could have an permitted overdraft of (say) 10, thereby allowing a user to send 11 messages in a burst, and then see no penalty unless they try to send a twelth within 10 minutes of the first...
Oh, and there's a third choice that's just occurred to me: once a user exceeds the quota and triggers the penalty, add an artificial delay before offering an SMTP response. Seems to me that a 10 or 15 second delay before a response would effectively enforce a low sending rate. Of course, you don't want to do this unless the user has tripped the penalty since some MUA's would time out if you did that all the time...
Oh, and if you are focussing on ESMTP submissions (the normal mode), you can generate a "4xx" code to indicate a temporary failure, "please try later". Some/most MUAs will act sensibly (even Outlook, remarkably) and have the things just sitting in its "Outbox" until later. And this can be triggered
Malc.