Rate limiting and auto user block to block spam outbursts

[Labsy]

Hi,

Is there any new and built-in mechanism available for Zimbra to setup and auto rate limit spam outbursts? I am really not into installing policyd with Apache and Sqlite onto ZCS server.

What I am thinking is somehow employ some shell script to look for possibly compromised accounts, like this one:

Code: Select all

cat /var/log/zimbra.log | sed -n 's/.*sasl_username=//p' | sort | uniq -c | sort -nr

This outputs the possible suspects, if few users count is unusually higher than others.
Then script should just inform admin and user of the action, then LOCK/BLOCK this user account.

It would be very light alternative to all mambo-jumbo with policyd and SQL.
Thoughts?

[phoenix]

There is always Rspamd, it can do rate limiting and although I don't use that feature it is fairly easy to configure: https://rspamd.com/doc/modules/ratelimit.html

That would, of course, require you to install rspamd as your ant-spam solution although that may not be your cup of tea. There is a sticky thread in these forums and a wiki article describing how to install it and in my experience it's trivial. The only thing that's necessary is a couple of changes that aren't preserved after upgrades and need to be reapplied..