Reset a sender's "Mail Rate Limiting" count?

Let’s say I set a rate-limit of 50 emails in a 24 hour period per-user on a domain, in order to prevent a hacked mail account from being used for spam. Once that mis-use is detected and (say) some weak password corrected, is there a way that I can reset the count for that user, or do I just have to set it to 100 and hope I remember to set it back tomorrow?

SYSTEM INFORMATION
OS type and version Ubuntu 22.04
Virtualmin version 7.10.0

If misuse is detected, then check the box captioned “login temporarily suspended” in Virtualmin → Edit Users. Why would you set the mail rate limit to 50 or hundred for a domain which has a mailbox which is confirmed as compromised and is spamming the internet?

After that, you may need to manually restart postfix - I don’t know if this is still required to be done but in earlier versions of Virtualmin, I recall that it was.

What I meant to say was “I have set the limit to 50 in 24 hours in order to prevent a hacked user’s account from being severely abused”.

What I am asking is “So now the guy has called and we’ve gotten his password changed”… how can I reset him to “0/50” (or do I just have to wait out the 24 hours, or set his limit 50 higher and maybe set it back the next day)?

What I meant to say is that I don’t decrease the mail rate limit of domain which has a compromised email account. I disable login to that account till the owner confirms that he has taken steps necessary to secure the account.

The mail rate limit feature is not intended to be used in the manner that you are using it and that is perhaps why it does not have the sort of automatic reset feature that you seek.

I recommend that you set reasonably high (much higher than 50) mail rate limit and keep it set to that; if an email account is compromised, then disable it.

So how do I detect compromised mail account turned spammers?

You said “The mail rate limit feature is not intended to be used in the manner that you are using it”…

What is the mail rate limit feature intended to be used for (if not detecting spammers and preventing them from getting an insane amount of traffic out)?

I’m not trying to be snide it just hit me that I legitimately can’t think of another use for it.

Yes, the mail rate limit feature is not intended to be set and reset every time an email account on your system is compromised. A Virtualmin admin will have time for little else if such a thing were to be done because email accounts are compromised quite often.

You said in your original message:

And I replied:

In summary, use mail rate limits by all means to prevent spammers from getting insane amount of traffic out but don’t fiddle with the sensible defaults that have been applied every time an email account is compromised. Virtualmin has designed and configured this feature such that the solution is automated.

If you do nothing, if you let the system run on auto-pilot, if you do not change the mail rate limits, the domain with the compromised email account will exceed quota and be stopped from sending out further mail. That is good. The owner of the domain / virtual server will be alerted about the problem by and by and take remedial action. After 24 hours of the remedy being applied, the domain will be automatically able to send mail again. Note that in this, you, as the Virtualmin admin, have to do nothing. You did not have to fiddle with or reset mail rate limits for the domain / virtual server.

That’s how a system is supposed to be run at scale, if you want to enjoy life as an admin.

So my customer, who has corrected his employee’s weak password issue, will then happily wait the rest of the 24 hours before anyone at his company can send mail again?

You must not have any law firms for clients. They are not at all cool like that.

If they mess up they must take that on the chin I’m sure that big email providers would take the same stance, why not just out source the email, this is then no longer your problem

I am the outsource I guess.

I would not put a law firm on a local email server, much easier to let the likes of microsoft or google take any legal problem rather than yourself they have legal teams to deal with these problems. Unless you have loads of time/resources don’t be an email provider it will eat all your time, I personally will be glad when email is done, just like fax and letters

This does seem like a weird line of thought given that calport was talking about these features in terms of “the scale of our design is so big that minute nonsense like this is something left to the domain owners” but your advice is alone the lines of “any law firm is best left to the big guys” (most law firms are small businesses with 10 or so employees… but they use words like “renumeration” any time there’s a problem, and generally treat everyone who is not a lawyer like “the help” in my experience).

That’s why you out source it, host their web sites, but leave the email to someone else, your client will then be chasing renumeration from that provider rather than you

So virtualmin is not a good solution for hosting mail? (I was sort of sold the idea that it was right here in this forum several weeks ago.)

Not for someone who is very dependant on email and if your knowledge of postfix and dovecot is limited. 10 years ago I learnt the hard way but I guess you know best

1 Like

just like the “good old days” eh? clients who’d ever want them more rouble than they are worth … :black_joker:

Not trying to imply that at all. I came here asking about layering virtualmin over a more manual (postfixadmin/postfix/dovecot) setup of mail (because I like that it makes certain things simple for website hosting, like quotas and performance dials and so on) and got a sort of “Why do that when virtualmin works good out of the box?” answer… sort of moving forward that way ever since.

It certainly seems to me that the greylist milter’s designer knows how to reset the counter generally, what I see online suggests a .db file, but that happens not to exist in my virtualmin so I was hopeful that someone here would just be able to tell me. I sort of randomly ended up with calport saying “that’s not what rate limiting is for” which confused me and got me here. If my boss ever says something like “Did you tell someone from sueyoublind.com that they can’t send out mail till tomorrow?” he means “Make sueyoublind.com happy so they keep paying us”.

I think the question is quite reasonable. but it seems like there is no switch available that anyone here is aware of. (and evidently nothing to do with the missing file/db) Perhaps it really is a “nobody knows” and comes down to yet another Blue Skies Request. (but I suspect most of us/and our clients can wait just 24hr)

Here is what I had said

Later, I also said

And @jimr1 said

In summary, @Ron_E_James_D.O, that’s how everyone else does it too. But if you want to provide an extra level of service to your law firm customers then fiddle with your server settings by all means.

This is what you have to do.

Is this getting off topic or what :slight_smile: In australia some big ISP are getting rid of mail and outsourcing and what a mess.