How to limit the number of emails sent by each user (prevent spammer)


Enter Your Query:
Use '%' for wildcards and quotes for "exact phrases"


Top Level » Email » Spam

How to limit the number of emails sent by each user (prevent spammer)Last Modified: Jul 25, 2013, 12:51 pm
The current exim.pl files have the ability to track who is sending email.  There is an option to turn on a limit for how many emails are sent by a particular user.  To enable this limit, simply add the number of emails you'd likely to allow per day to the /etc/virtual/limit file.

For most cases 200 emails should be enough for any users.

Once the limit file has a number greater than 0, the exim.pl will start to count the number of emails sent by a user.  In the /etc/virtual/usage directory, there will be 2 types of files.   'username' and 'username.bytes'.  The bytes file will store how large each email was.  The total sum of the bytes in that files will give the amount of outgoing smtp bandwidth used that day (this is always enabled).   The other file ('username') is used to count the number of emails sent.  Each email sent will add another byte to the file, so the exact size of the file is the number of emails sent.

When looking for a spammer, check the /etc/virtual/usage/username files to see a larger file, and also check /etc/virtual/usage/username.bytes, to look for a repeated size.  Large number of same-sized emails generally indicates spam.

Enforcing strong passwords is a good way to prevent passwords from being guessed.
Difficult Password Enforcement



A new feature of the exim.pl (as of Jan 2011) is the ability to specify custom limits on a per-User basis (per DA-User).  To do this, first ensure you have the latest exim.pl.  You can confirm this by checking for this line:

if (open (LIMIT, "/etc/virtual/limit_$name"))

If you have that line in your exim.pl, then you're good to go.  If not, save it to /etc/exim.pl and restart exim.  The same basic rules apply, you just need to type:

echo 300 > /etc/virtual/limit_username

where username is the User you wish to give the special limit to.  This overrides the default /etc/virtual/limit file for that User.



If you think you might have a spammer, check your /etc/virtual/usage directory for a larger than normal filesize.
Any authenticated sends will show up with this command:

cd /var/log/exim
grep 'A=login:' mainlog* | less

which will show all emails sent from your server which used smtp-authentication.  This is useful to find any email accounts who's passwords may have been compromised (guessed), or simply just abusive Users.



With DA 1.42.0 and /etc/exim.pl version 13, you can use a per-email send limit, where you can limit each individual email account to a daily limit, eg:

echo 50 > /etc/virtual/user_limit
echo user_can_set_email_limit=1 >> /usr/local/directadmin/conf/directadmin.conf
/etc/init.d/directadmin restart

Users can set set these limits in their E-Mail Accounts section of their User Level.  The default max value a User can specify for an email is their global DA account limit (/etc/virtual/limit, or /etc/virtual/limit_username if it exists).  A lower max per-email limit can be set with the directaedmin.conf option: max_per_email_send_limit.
 
Related Helpfiles
How to update your exim.conf
Unrouteable address
Exim is going crazy, how can I track down what it's doing?
Warning: 200 emails have just been sent by unknown
Detecting and preventing brute force login attacks
My server is sending spam. What do I do?
E-Mail Rate Limiting with exim and the exim.pl

2003 JBMC Software, Suite 173  3-11 Bellerose Drive, St Albert, AB  T8N 1P7  Canada.  Mon-Fri 9AM-5PM MST