We use Virtualmin for shared hosting sometimes 100s of domains and 1000s of mailboxes.
Occasionally one user’s computer is compromised and then their email client sends out 1000s of SPAM messages. By the time we’ve mitigated the damage our IP is blacklisted causing every other client on the server grief and we loose business at times due to cancellations if delisting takes too long. We have postfix SNMP queue monitors in place but one hour can make a world of difference so if this happens on 3AM on a Sunday morning we are screwed.
How can I restrict per domain, how much each user can send?
WHM/Cpanel has a number of setting to control this, each domain has these two configurable settings:
Maximum Hourly Email by Domain Relayed.
Maximum percentage of failed or deferred messages a domain may send per hour.
These settings are incredibly useful because the second option means you easily catch spammers who use incorrect addresses. Both these setting notifies the server operator as well.
Basically we need something the same for Virtualmin. This is all that’s holding us back redeploying numerous WHM/cPanel servers onto Virtualmin instead.
I’ve researched the old forums and I here and I don’t see any tips at all. Just trying to take it forward a bit.
Well, if a mail rate limiting feature is the only thing that is holding you back from redeploying numerous WHM/cPanel servers onto Virtualmin then you should proceed with the redeployment at full speed.
In Virtualmin -> Email Settings -> Mail Rate Limiting (yeah, I know, it is very deceptively named! ) you can specify the quantum of mail that a virtual server (or domain) can send + receive per year / week / day / hour / minute or second. All you need to do is to specify a sensible limit - say 250 email per day - for each of the domains you host and your exposure to spam originating from your server / IP address will be limited only to that specified volume of messages, should one of your client’s PC get infected with malware which sends out spam - and not the tens of thousands of spam messages that an infected PC would be able to send out in a short length of time from servers which are not mail rate limited.
No, unfortunately Account Plans does not have a configurable option for this but it would be a feature which would be nice to have. #FeatureRequest@ilya!
Well, In Virtualmin -> System Settings -> Virtualmin Configuration: Advanced you could use the ‘Command to run after making changes to a server’ box to execute a command or run a script to automate this and set up a default email rate limit for newly created virtual servers. Also see https://www.virtualmin.com/documentation/developer/cli
In addition to rate limiting on the Virtualmin server itself, you should also consider putting an extra spamfilter and use that as a smarthost.
Personally I’ve used Proxmox Mail Gateway with great success for the past 4-5 years without any issues.
That way, even if an account is compromised the spam never reaches the internet keeping your IPs squeaky clean!
In the same setting: Email Settings -> Mail Rate Limiting
there is an option called: Rate limiting enabled? Yes
and under it:
Global message limit At most … per hr/min etc.
I’ve set mine to 30 per hr, should be more than enough for legitimate email.
It is a global limit, so all domains / virtual servers will be affected by this option. Thus eliminating the need to set on per domain basis. Just adjust it to something reasonable for your needs and that’s it.
Correct, it is the global limit. So the total volume of mail that all the domains hosted on the server will able to send / receive will be 30 per hour. Note: not each domain, the global limit applies to cumulative total allowed by all domains.
My 2 cents on this, after having the “3AM on a Sunday morning” thingy few years ago,
Beside the rate limiting, I also set an automated alert for “Mail Queue Size” bigger than ~50 messages and I add the “postfix stop” as additional command if that monitor goes down. Then I have the postfix connection monitored from outside every 5 minutes, so I get notified quickly if the postfix is stopped.
That works because email processing is usually fast enough for legitimate email that the queue never gets too big - except when someone gets hacked and spam gets deferred so it “accumulates” in the queue, moment when I want to have the postfix halted to avoid IP damage and I can look into the queue to know what account exactly causes the problem. Then I reset password to that account, delete the spam from queue, start postfix and everybody’s happy. Even the client with locked mailbox appreciates when he/she gets to know about the spam problem before causing more harm to others.
Using this I have 1 to 3 such events per year per server (~100 domains each server), but never got an IP blacklisted in the last 3-4 years.
You are correct. However, it would be nice to have a global PER DOMAIN limit as well, affecting all domains or even more better - have email limits on per plan basis, so only updating the plan’s settings to affect all accounts, that are on that same plan.
The global limit, while affecting ALL domains, is still a way to put a security limit, even not as precise, still makes a lot of sense, at it can be adjusted with accordance to the total number of domains hosted.
This can be done via Virtualmin -> System Settings -> Virtualmin Configuration: Advanced you could use the ‘Command to run after making changes to a server’ box to execute a command or run a script to add the per domain limit every time a virtual server is created. See Command Line API | Virtualmin for commands which can be used to create the script.
It would truly be a nice to have new feature. We can agree about that.
Can you post an example on that? I’ve been looking at the listed commands, but they seem to repeat the already available options in GUI/web interface. Or you mean to directly alter the mail user in Postfix/on the mail server level?
No, I do not mean to directly alter the mail user in Postfix/on the mail server level. The script which I refer to will be called by Virtualmin every time a virtual server is created - Virtualmin can be configured to do this via Virtualmin -> System Settings -> Virtualmin Configuration: Advanced: ‘Command to run after making changes to a server’ box.
Once such a script is called, it will use Command Line API | Virtualmin to set, for the newly created virtual server, a mail rate limit. In this manner, all virtual servers on your system will have a limit automatically applied to them the moment they are created. That’s what you want, right?
#!/usr/bin/php<?php// Rename this file to config.php// folder for the microweber source, add slash at the end$source_folder = '/usr/share/microweber-latest/';$update_folder = '/usr/share/microweber-update/';// debug email, uncomment these to get email on new install// $debug_email = 'firstname.lastname@example.org';// $debug_email_subject = 'New site';// copy internal files from the shared folder as a source$copy_files = array();$copy_files = 'favicon.ico';// deletes files or folders in the destination folder$remove_files = array();$remove_files = 'userfiles/modules/ants';// copy external files from absolute path as a source$copy_external = array(); // $source=>$dest$copy_external['/usr/share/microweber-ext/userfiles/modules'] = 'userfiles/modules';$copy_external['/usr/share/microweber-ext/userfiles/templates'] = 'userfiles/templates';$copy_external['/usr/share/microweber-ext/favicon.ico'] = 'favicon.ico';// $install_options = array(// array('option_key' => 'website_title', 'option_value' => 'My Web', 'option_group' => 'website'),// array('option_key' => 'items_per_page', 'option_value' => '30', 'option_group' => 'website')// );