I have ispconfig with many sites and mail accounts. I have problem with many (60k) mails in mail queue. This mails comes from different mail addresses like this [email protected]. existsing-domain.tld have few real mail boxes. Maybe credentials to one of his mailboxes have been stolen. I have cleared mail queue, but I need to prevent this from happening again. 1. How can I reject mails send from non existing users. I tried in /etc/postfix/main.cf Code: smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit but it does not seems to work. 2. How can I prevent sending mails from different domain? As I tested I found that if I log in mail server with [email protected] I can send email from [email protected]. 3. How can I restrict users from sending more than X mails an hour, and every mail after that to be rejected and not get in to the queue altogether? I suppose those are common issues, but I couldn't find guide which address them.
Postfix has many features controlling the mail box size and letter size. Try them out 1 by 1. This book is Good! http://www.packtpub.com/linux-email/book
Thanks for your suggestions guys. I will share my findings to my specific questions. This will limit sent messages and number of recipients per time interval. Default time interval is 1min, so smtpd_client_message_rate_limit = 5 won't allow more than 5 messages sent per minute. Code: smtpd_client_message_rate_limit = 5 smtpd_client_recipient_rate_limit = 50 Those two have common answer. I find guides here: http://bugtracker.ispconfig.org/index.php?do=details&task_id=1637 1. Add " $smtpd_sender_login_maps" at the end of proxy_read_maps. Mine looks like Code: BEFORE: proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps AFTER: proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps $smtpd_sender_login_maps 2. Add Code: smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf 3. Create /etc/postfix/mysql-virtual_sender_login_maps.cf with following content: Code: user = ispconfig password = XXX dbname = dbispconfig hosts = 127.0.0.1 query = select destination from mail_forwarding where source = '%s' and active = 'y' and type = 'alias' and server_id = 1 union select email from mail_user where email = '%s' and postfix = 'y' and server_id = 1; Replace XXX with your password, which could be found in other /etc/postfix/mysql-*.cf file
The above setup will not work for many mail systems e.g. when ispconfig is used as mail filter in front of internal mail servers (e.g. exchange servers) or when some of your clients send newsletters over this server. So thats no setup which can be applied as default, but we might add this as option in the mail server config setup. If you like to see the above setup as option in one of the next relaeses, make a feature request for it in the bugtracker and link to this page so we can find the implementation. If it gets enough votes, it will get added to the roadmap.
In bugtracker already posted similar request: http://bugtracker.ispconfig.org/index.php?do=details&task_id=1637
