Postfix - limiting number of recipients

Hi all, I wonder whether I can prevent outgoing "bulk e-mail". A disgruntled leaving employee was threatening sending mail to all customers. (It did not happen but management was very unhappy and asked what I could do against it, from the technical side). I have a postfix mail relay (upstream going to the provider) but I cannot see a way of telling it "reject all mails with more than 50 addresses in the header", as an example. We have a special "list server" to facilitate legitimate sending to many recipients at a time. It is bypassing this relay - so I don't have to worry about it.

Thanks for answers
Peter

On Mon, 3 Dec 2012, Peter Ross <Peter.Ross@bogen.in-berlin.de> wrote:
I wonder whether I can prevent outgoing "bulk e-mail".
A disgruntled leaving employee was threatening sending mail to all customers. (It did not happen but management was very unhappy and asked what I could do against it, from the technical side).
From past experience in dealing with all manner of email issues I don't think it's possible to have a system that's usable for all legitimate purposes but which has a rate limit which is small enough that it can't be used for bad purposes. For example imagine if the limit was 3 messages per hour (unreasonably small for business purposes), a bad email sent to the 3 biggest clients would still be a problem.

id=R_test_sender ; sender==test@coker.com.au ; recipient!~.*@coker.com.au ; action=REJECT

Postfwd is one good way of dealing with this. For example the above config line prevents my test account from sending email outside my domain. That could be used for people who are about to leave the company to allow them to communicate with other employees but not directly with customers.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

On 03/12/12 13:47, Peter Ross wrote:
Hi all,
I wonder whether I can prevent outgoing "bulk e-mail".
A disgruntled leaving employee was threatening sending mail to all customers. (It did not happen but management was very unhappy and asked what I could do against it, from the technical side).
I have a postfix mail relay (upstream going to the provider) but I cannot see a way of telling it "reject all mails with more than 50 addresses in the header", as an example.
We have a special "list server" to facilitate legitimate sending to many recipients at a time. It is bypassing this relay - so I don't have to worry about it.
Thanks for answers
Peter
_______________________________________________
luv-main mailing list luv-main@luv.asn.au http://lists.luv.asn.au/listinfo/luv-main

I'm not aware of a way to configure postfix to behave in a non-standard way of dealing with the To: header.

However, there's more than one way to send "bulk" email. If it's collating all recipients in the To: header, the mail transport will disburse separate emails for each (rcpt to: ), essentially keeping the body of the email intact including the To: header - don't see many of those anymore. So I wouldn't assume that it would be sent that way. I filter all emails that do not have a properly formatted To: header (undisclosed recipients) to the user's spam box. This blocks a lot of spam but could also block legitimate emails, but no one has complained. A lot of bulk emailers tend to forget about this header. So there's more than one way to send bulk emails. If he's smart enough to write a script that loops over a list of emails, then you will have some problems. If he has dumped all of your customers' email addresses to his own personal list, then you're already shit outta luck because gmail would be more than happy to bulk email on his behalf. Perhaps you should've disabled his account a few seconds after his threat.

Jules.

Hi Julian and Russell, thanks for your thoughts.

On Mon, 3 Dec 2012, Julian wrote:
On 03/12/12 13:47, Peter Ross wrote:
Hi all,
I wonder whether I can prevent outgoing "bulk e-mail".
However, there's more than one way to send "bulk" email. If it's collating all recipients in the To: header, the mail transport will disburse separate emails for each (rcpt to: ), essentially keeping the body of the email intact including the To: header - don't see many of those anymore. So I wouldn't assume that it would be sent that way.

I had this method in mind. I guess he would have done it that way, having all addresses in Outlook.

Perhaps you should've disabled his account a few seconds after his threat.

I agree but I wasn't deciding. In general I don't like fixing social problems through technology, and try to stay out of it. For non-technical staff it is sometimes hard to understand why it is so difficult to implement requests such as "Let John send all e-mails besides the one that may be malicious." Should be easy, because: "You do it all the time, filtering spam." So the thought goes.

Regards
Peter

On Tue, 4 Dec 2012, Peter Ross <Peter.Ross@bogen.in-berlin.de> wrote:
For non-technical staff it is sometimes hard to understand why it is so difficult to implement requests such as "Let John send all e-mails besides the one that may be malicious." Should be easy, because: "You do it all the time, filtering spam."

If "malicious" means "soon to be ex-employee sending email to clients from a work address" then it's easy to stop. If you want to stop them using their gmail account etc then it's an entirely different problem. But hopefully the clients would treat email from gmail differently from email that originates with the company.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

On 04/12/12 10:38, Russell Coker wrote:
On Tue, 4 Dec 2012, Peter Ross <Peter.Ross@bogen.in-berlin.de> wrote:
For non-technical staff it is sometimes hard to understand why it is so difficult to implement requests such as "Let John send all e-mails besides the one that may be malicious." Should be easy, because: "You do it all the time, filtering spam."
If "malicious" means "soon to be ex-employee sending email to clients from a work address" then it's easy to stop. If you want to stop them using their gmail account etc then it's an entirely different problem. But hopefully the clients would treat email from gmail differently from email that originates with the company.

Most users don't understand the difference between the address in the From header and the one in the SMTP envelope, much less look closely at which servers a message has travelled through.

Gmail servers are a special case as they rewrite the From header to match the account you use to authenticate with the SMTP service. Few mail servers do this though, so substitute some other mail server for gmail and you're back to it being impossible to prevent a message being sent that looks plausible enough to fool most users. Sending through servers other than your company mail server might give anti-spam systems a better chance to react (SPF, DKIM), but it's out of your hands to do much about that.

Going back to the original question though, if it helps to limit the number of recipients, then I suspect you can do that with policyd. Either that or one of the other filters that interacts with postfix in a similar way.

Andrew McNaughton
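Both suggestions in this thread, Russell's postfwd rule that confines one sender to the company domain and Andrew's suggestion of using policyd to cap the number of recipients, work through the same mechanism: Postfix hands each SMTP transaction to an external policy server over its policy delegation protocol (check_policy_service) and acts on the returned action. The following is an added example, not code from the thread and not part of postfwd or policyd: a minimal policy server in Python that implements both rules in one place. The domain example.com, the address leaving.user@example.com, the listening port 10040 and the limit of 50 are assumed placeholders. The attribute names (sender, recipient, recipient_count, protocol_state) are the ones Postfix sends; recipient_count is only populated at the DATA and END-OF-MESSAGE stages, so the count rule must be wired into smtpd_end_of_data_restrictions rather than the per-RCPT restrictions.

```python
"""Minimal Postfix SMTPD policy server: restrict one sender to internal
recipients, and reject messages addressed to too many recipients.

Added example (not from the thread, not postfwd/policyd code).  The
domain, sender address, port and limit below are assumed placeholders.
"""
import socketserver

RECIPIENT_LIMIT = 50                                 # assumed threshold
INTERNAL_DOMAIN = "example.com"                      # placeholder company domain
RESTRICTED_SENDERS = {"leaving.user@example.com"}    # placeholder: internal-only accounts


def parse_policy_request(raw):
    """Parse one policy request: 'name=value' lines terminated by a blank line."""
    attrs = {}
    for line in raw.splitlines():
        if line == "":
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


def decide(attrs, limit=RECIPIENT_LIMIT, internal_domain=INTERNAL_DOMAIN,
           restricted=RESTRICTED_SENDERS):
    """Return the policy action for one request.

    'sender' and 'recipient' are the SMTP envelope addresses, not the From:
    header, so this governs what the relay accepted, not what the user typed.
    """
    sender = attrs.get("sender", "").lower()
    recipient = attrs.get("recipient", "").lower()
    state = attrs.get("protocol_state", "")

    # Rule 1 (postfwd-style): a restricted account may only mail the internal domain.
    if sender in restricted and recipient and not recipient.endswith("@" + internal_domain):
        return "REJECT Outbound mail from this account is restricted to internal recipients"

    # Rule 2: cap recipients per message.  Postfix reports recipient_count only
    # once all RCPT TO commands are in, i.e. at DATA / END-OF-MESSAGE; before
    # that it is 0, so the check is skipped in earlier stages.
    count = int(attrs.get("recipient_count", "0") or 0)
    if state in ("DATA", "END-OF-MESSAGE") and count > limit:
        return f"REJECT Message addressed to {count} recipients exceeds the limit of {limit}"

    return "DUNNO"   # no opinion: let the remaining Postfix restrictions decide


def format_policy_response(action):
    """Postfix expects 'action=<verdict>' followed by an empty line."""
    return f"action={action}\n\n"


class PolicyHandler(socketserver.StreamRequestHandler):
    """One connection may carry many requests; each ends with an empty line."""

    def handle(self):
        while True:
            lines = []
            while True:
                line = self.rfile.readline()
                if not line:            # Postfix closed the connection
                    return
                text = line.decode("utf-8", "replace").rstrip("\r\n")
                if text == "":
                    break
                lines.append(text)
            if not lines:
                continue
            attrs = parse_policy_request("\n".join(lines) + "\n")
            self.wfile.write(format_policy_response(decide(attrs)).encode("utf-8"))
            self.wfile.flush()


def serve(host="127.0.0.1", port=10040):
    """Listen on the (assumed) port that main.cf points check_policy_service at."""
    with socketserver.ThreadingTCPServer((host, port), PolicyHandler) as srv:
        srv.serve_forever()


# Constructed sample request, as Postfix would send it at the RCPT stage.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "sender=leaving.user@example.com\n"
    "recipient=client@customer.example\n"
    "recipient_count=0\n"
    "\n"
)

if __name__ == "__main__":
    print(format_policy_response(decide(parse_policy_request(SAMPLE_REQUEST))), end="")
    serve()
```

To hook it in, add `check_policy_service inet:127.0.0.1:10040` to `smtpd_recipient_restrictions` (for the sender rule, evaluated per RCPT TO) and to `smtpd_end_of_data_restrictions` (for the recipient-count rule) on the relay, then reload Postfix. As Andrew notes, this only governs mail that passes through the company relay with the envelope sender it accepted; mail sent through an outside provider never reaches this daemon, and the suffix match on the internal domain deliberately excludes subdomains unless you add them.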
participants (4):
- Andrew McNaughton
- Julian
- Peter Ross
- Russell Coker