Re: [exim] Delaying messages for 5 minutes?

Author: Graeme Fowler
Date:  
To: exim-users
Subject: Re: [exim] Delaying messages for 5 minutes?
On Sun, 2011-04-10 at 07:18 -0700, Marc Perkel wrote:
> But it looks like 1/2 the solution unless I'm missing something. How do
> the messages get unfrozen?


We do something similar on outgoing messages to catch compromised email
accounts:

1. Track rates of $sender_address using Exim's built-in ratelimit code
at the RCPT stage.
2. When a threshold is reached, use "control = freeze" on the messages
from $sender_address.
3. Notify the admins that $sender_address needs looking at.

We then manually inspect the message flow, starting with recipient
addresses, then subjects, to determine whether the flow is valid.

If it is, we use "exim -Mt" on all affected messages from
$sender_address; if it isn't, we investigate further to see if the
account is being abused. Further action following that part is out of
Exim's scope.

It's not a good idea to automate the check stage, but the unfreezing bit
could be done via a cron job which reads from a database table rather
than from the shell.

Graeme
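
An added example, not part of the message above and not code from the Exim project: one way the cron-driven unfreezing step could pick out which frozen messages to thaw once an admin has approved a sender. It assumes the default `exim -bp` queue listing layout; the `approved_senders` set stands in for the database table, and the sample queue and addresses are constructed.

```python
import re

# Header line of an `exim -bp` entry: age, size, message id, <sender>, frozen marker.
HEADER = re.compile(
    r"^\s*(?P<age>\d+[mhd])\s+(?P<size>\S+)\s+(?P<id>\S+)\s+<(?P<sender>[^>]*)>"
    r"(?P<frozen>\s+\*\*\* frozen \*\*\*)?\s*$"
)

# Constructed sample of `exim -bp` output (not taken from a real queue).
SAMPLE = """\
 2h  2.1K 1Q8vAa-0001bC-3D <alice@example.com> *** frozen ***
          x1@example.net
          x2@example.org

 2h  2.1K 1Q8vAb-0001bD-4E <alice@example.com> *** frozen ***
          x3@example.net

 5m   900 1Q8vAc-0001bE-5F <bob@example.com>
        D carol@example.net
          dave@example.net

 1h  3.0K 1Q8vAd-0001bF-6G <mallory@example.com> *** frozen ***
          y1@example.org
"""

def parse_queue(listing):
    """Parse `exim -bp` text into dicts: id, sender, frozen, recipients."""
    messages, current = [], None
    for line in listing.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"id": m["id"], "sender": m["sender"].lower(),
                       "frozen": bool(m["frozen"]), "recipients": []}
            messages.append(current)
        elif line.strip() and current is not None:
            # Recipient lines are indented; a leading "D" marks a delivered address.
            current["recipients"].append(line.split()[-1])
    return messages

def thaw_commands(listing, approved_senders):
    """Return `exim -Mt` argv lists for frozen messages from approved senders only."""
    approved = {s.lower() for s in approved_senders}
    return [["exim", "-Mt", msg["id"]] for msg in parse_queue(listing)
            if msg["frozen"] and msg["sender"] in approved]

if __name__ == "__main__":
    for cmd in thaw_commands(SAMPLE, {"alice@example.com"}):
        print(" ".join(cmd))  # a cron job would pass cmd to subprocess.run instead
```

The recipient lists returned by `parse_queue` are the same data the manual review starts from, so the approval decision stays with a person and only the thaw is scripted.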