Hi,
Others have said how to apply a rate limit. We do the same, but we prefer a daily limit, and we actually deny (rather than 'warn’) mail that exceeds the limit. Arguably, it would be better to 'control = freeze' (rather than 'delay = 10s') the mail on the mail queue, where it would be available for inspection, and release.
Our users actually do have bursty behaviour. Staff often peak at just after 9am, and students at lunch time. So we think longer timeframes are more useful when the sanction is as strict as a 'deny' or 'freeze'.
With a 'delay = 10s', I’d describe this as teergrubing (tar pitting) rather than rate limiting. It’s a much weaker sanction, and doesn’t actually prevent spam unless someone is watching the logs, it just slows it down. Teergrubing does have its uses: and we use it on inbound MX where the (perhaps somewhat optimistic) theory is that it ties up sender resources.
> On 1 May 2015, at 15:01, Sujit Acharyya-choudhury <s.choudhury@???> wrote:
>
> After receiving a phishing e-mail where the recipient gave away the address and password and that resulted in a huge number of e-mails coming in and going out. I was wondering whether a rate limit could have reduced the damage? And if that is the case what is the most simple rate limit I should apply? Also we are witnessing a larger number of phishing e-mails. We have ClamAV and SpamAssassin running, but unable to stop the flow. Sanesecurity signatures don't have any effect either. Is there any suggestion on how to reduce Phishing attack?
>
>
> Regards
>
> Sujit
>
>
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
--
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148
