When I have an email account with a compromised password that is
pumping out junk with auth SMTP the sending IP is virtually always in
XBL. When I have legitimate senders using auth SMTP they are
extremely rarely listed.
So, I feel that if an authenticated sender is listed in XBL I feel
there is a 98+ percent chance it is compromised and pumping out junk
mail. For the remaining 2 percent I would like to restrict too around
10 recipients an hour so its still usable but cannot send enough
volume to be of use to a junkmailer.
> I have this to block users that authenticate and are on a blacklist.
>
> deny
> dnslists = some.black.list.or.another
> authenticated = *
> verify=recipient
> message = blocked authenticated sender
>
> Rather then block these I would like to rate limit black listed
> authenticated senders to 5 messages an hour or so in case its a false
> positve.
>
> I see this:
>
> # Keep authenticated users under control
> warn ratelimit = 100 / 1h / strict / $authenticated_id
> delay = ${eval: ${sg{$sender_rate}{[.].*}{}} -
> $sender_rate_limit }s
>
> But how do I make this only trigger on blacklisted authenticated users?
