I am in the middle of upgrading the mail system at UKC (both hardware
and software), Exim is going from 1.92/2.12 -> 3.15 and the main
MX is going from a Sun SS20 -> 2 x Sun Ultra 5s to give us some
more resilience in the event of hardware failure.
We currently ship around 60,000 mails a day and the load on the MX (SS20)
is next to nothing (<1) but maintenance costs creep up etc.
Since we are moving to machines with a tad more horsepower I am wondering
whether (I have had a look at the FAQ - and failed) exim will help
do the following:
+ spot when a local user is sending large quantities of email to
multiple addresses (ie bulk spamming)
+ spot when a user is (or is being) mailbombed (recently we had a user
mailbomb an address that diverted to a mobile phone - around
50,000 messages - I suspect the phone is still ringing :-)
Once exim has spotted either of the above - what can I then get it to
do for me?
The reason I ask is that the above is clearly unacceptable behaviour on
behalf of some of our users however exim doesn't care and nor should it
and will deliver anything very quickly where possible (kudos to Philip).
So since I have the extra CPU power free can I get exim to monitor
what it is doing and so do some damage limitation rather than creating
a mess quickly which I and others have to clear up? If this is not the
case then suggestions of monitoring software etc would be welcome.
Thanks for your time.
Paul Osborne
Computing Officer
UKC Computing Service
