I’m copying here a relevant discussion that took place at Virtualmin CP forums about a year ago:
Limit Outoing SMTP Connections per Domain
eugenevdm.host
Dec '20
We use Virtualmin for shared hosting, sometimes 100s of domains and 1000s of mailboxes.
Occasionally one user’s computer is compromised and then their email client sends out 1000s of SPAM messages. By the time we’ve mitigated the damage our IP is blacklisted, causing every other client on the server grief, and we lose business at times due to cancellations if delisting takes too long. We have postfix SNMP queue monitors in place but one hour can make a world of difference, so if this happens at 3AM on a Sunday morning we are screwed.
How can I restrict per domain, how much each user can send?
WHM/Cpanel has a number of settings to control this; each domain has these two configurable settings:
- Maximum Hourly Email by Domain Relayed.
- Maximum percentage of failed or deferred messages a domain may send per hour.
These settings are incredibly useful because the second option means you easily catch spammers who use incorrect addresses. Both these settings notify the server operator as well.
Basically we need something the same for Virtualmin. This is all that’s holding us back from redeploying numerous WHM/cPanel servers onto Virtualmin instead.
I’ve researched the old forums and here and I don’t see any tips at all. Just trying to take it forward a bit.
alex.iarna
Dec '20
My 2 cents on this, after having the “3AM on a Sunday morning” thingy a few years ago:
Besides the rate limiting, I also set an automated alert for “Mail Queue Size” bigger than ~50 messages and I add the “postfix stop” as an additional command if that monitor goes down. Then I have the postfix connection monitored from outside every 5 minutes, so I get notified quickly if the postfix is stopped.
That works because email processing is usually fast enough for legitimate email that the queue never gets too big - except when someone gets hacked and spam gets deferred so it “accumulates” in the queue, moment when I want to have the postfix halted to avoid IP damage and I can look into the queue to know what account exactly causes the problem. Then I reset password to that account, delete the spam from queue, start postfix and everybody’s happy. Even the client with locked mailbox appreciates when he/she gets to know about the spam problem before causing more harm to others.
Using this I have 1 to 3 such events per year per server (~100 domains each server), but never got an IP blacklisted in the last 3-4 years.
Source: Limit Outoing SMTP Connections per Domain - #7 by calport - Virtualmin - Virtualmin Community
IMHO putting a mail-server online without an outbound mail ratelimit policy is asking for trouble.
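The queue-size monitor described in the quoted reply, written out as an added example (not code from the thread or from Virtualmin). It assumes the classic `postqueue -p` listing format; the function names and the sample listing are constructed, and the default limit of 50 is the figure from the reply.

```sh
# Count queued messages per sender domain from `postqueue -p` text on stdin.
queue_by_sender_domain() {
    awk '
        # Entry lines: queue ID (optional * active / ! held flag), size,
        # four date fields, then the envelope sender as field 7.
        NF == 7 && $1 ~ /^[0-9A-Za-z]+[*!]?$/ && $2 ~ /^[0-9]+$/ {
            n = split($7, parts, "@")
            domain = (n == 2) ? tolower(parts[2]) : $7   # MAILER-DAEMON has no domain
            count[domain]++
        }
        END { for (d in count) print count[d], d }
    ' | sort -k1,1nr -k2,2
}

# Total number of queued messages in the listing on stdin.
queue_size() {
    queue_by_sender_domain | awk '{ total += $1 } END { print total + 0 }'
}

# Print "OK <n>" or "ALERT <n> <busiest sender domain>"; return 1 on alert.
check_queue() {
    threshold=$1; listing=$(cat)
    total=$(printf '%s\n' "$listing" | queue_size)
    if [ "$total" -gt "$threshold" ]; then
        top=$(printf '%s\n' "$listing" | queue_by_sender_domain | head -n 1 | cut -d' ' -f2)
        echo "ALERT $total $top"
        return 1
    fi
    echo "OK $total"
}

# Constructed sample of `postqueue -p` output (not real data).
SAMPLE_QUEUE='-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
3F2A1B0C9D*    1840 Sun Dec  6 03:01:12  info@shop.example
                                         a@dest1.example

4A7C2E119F     1838 Sun Dec  6 03:01:13  Info@Shop.example
(connect to mx.dest2.example[192.0.2.10]:25: Connection timed out)
                                         b@dest2.example

5B8D3F22A0     2210 Sun Dec  6 02:58:40  alice@club.example
                                         friend@dest3.example

-- 6 Kbytes in 3 Requests.'

# Live use (assumed: run as root from cron): halt Postfix when over the limit.
if [ "${1:-}" = "--live" ]; then
    postqueue -p | check_queue "${2:-50}" || postfix stop
fi
```

The ALERT line names the sender domain with the most queued mail, which is the first place to look before resetting a password and clearing the queue.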