Re: [exim] Delaying messages for 5 minutes?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Graeme Fowler
Date:  
À: exim-users
Sujet: Re: [exim] Delaying messages for 5 minutes?
On Sun, 2011-04-10 at 07:18 -0700, Marc Perkel wrote:
> But it looks like 1/2 the solution unless I'm missing something. How do
> the messages get unfrozen?


We do something similar on outgoing messages to catch compromised email
accounts:

1. Track rates of $sender_address using Exim's built-in ratelimit code
at the RCPT stage.
2. When a threshold is reached, use "control = freeze" on the messages
from $sender_address.
3. Notify the admins that $sender_address needs looking at.

We then manually inspect the message flow, starting with recipient
addresses, then subjects, to determine whether the flow is valid.

If it is, we use "exim -Mt" on all affected messages from
$sender_address; if it isn't, we investigate further to see if the
account is being abused. Further action following that part is out of
Exim's scope.

It's not a good idea to automate the check stage, but the unfreezing bit
could be done via a cron job which reads from a database table rather
than from the shell.

Graeme