[BlueOnyx:26618] Re: email issue

Michael Stauber mstauber at blueonyx.it
Fri Dec 1 21:38:50 -05 2023


Hi Barry,

> Is this of any help?
>
> Dec  1 08:02:30 5209r milter-geoip: BLOCK: Rejecting barry of Vsite 
> site4 as the group has already sent 1610 emails today. BLOCKING.

Yes. The AV-SPAM's Milter-GeoIP has the option to log incoming and 
outgoing emails on a per Vsite and per User basis. It can alert and block 
when Vsites or Users exceed their configured daily email sending limit.

Which it did in your case.

These limits can be defined on a per Vsite and per User basis to 
restrict the sending of emails past a certain daily limit, which is 
quite useful.

When you log in to your server, go to "Active Monitor" / "Status" and 
select "Email Traffic Monitor". That will show you the email traffic per 
Vsite and per User.

In your case the user "mailman-bounces" has sent more than 1600 emails 
today, which pushed the whole Vsite he's associated with past the daily 
limit.

How to deal with it? Two choices:

Turn the feature off for the entire server or configure it properly:
======================================================================

You can do so under "Server Management" / "Network Services" / "AV-SPAM" 
in the "GeoIP" tab.

Under "Daily Limits for Email-Sending" you can define how many emails 
"Server accounts" (such as "mailman") can send per day.

Under "Virtual Sites" you can configure a default for (new) Vsites.

Under "Users" you can configure a default for (new) Users.

Unticking the checkbox "Enforce Email Limits" turns this feature off for 
the whole server and no restrictions will be applied anymore.


Configuration on a Vsite Level:
================================

In "Site Management" go to the Vsite in question and choose "Services" / 
"Email". There you can (individually for each Vsite) tick or untick 
"Enforce Email Limits" and can configure the "Site Allowance" and "User 
Allowance" for email sending.


My recommendation:
===================

Leave this feature on globally, but find sensible settings for "Server 
accounts", Vsites and Users.

If you're running a mailing list, set "Server accounts" to perhaps 
several thousand emails a day under "Server Management" / "Network 
Services" / "AV-SPAM" in the "GeoIP" tab.

Then for the Vsites themselves (and their Users) find settings that 
match your expected usage.

Milter-GeoIP sends warning messages to the admin account, the Active 
Monitor account as well as to affected users when someone gets close to 
their daily limit, so having sensible values configured is a good early 
warning measure to find out when an account has gotten compromised and 
starts sending SPAM.

-- 
With best regards

Michael Stauber
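
Added example (not part of the original message and not BlueOnyx code): a small Python summary of milter-geoip BLOCK lines per Vsite, as a log-side complement to the warning emails described above. It assumes the quoted entry is a single line in the mail log and that only the "group" wording shown in the thread occurs; every sample line except the first is constructed.

```python
import re
from collections import defaultdict

# Pattern taken from the one BLOCK line quoted in the thread (assumed to be
# a single line in the log; other wordings are not known from the page).
BLOCK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) milter-geoip: "
    r"BLOCK: Rejecting (?P<user>\S+) of Vsite (?P<site>\S+) "
    r"as the group has already sent (?P<count>\d+) emails today\."
)

# First line is the entry from the thread; the rest are constructed samples.
SAMPLE_LOG = """\
Dec  1 08:02:30 5209r milter-geoip: BLOCK: Rejecting barry of Vsite site4 as the group has already sent 1610 emails today. BLOCKING.
Dec  1 08:05:11 5209r milter-geoip: BLOCK: Rejecting alice of Vsite site4 as the group has already sent 1610 emails today. BLOCKING.
Dec  1 08:07:42 5209r sendmail[1234]: constructed unrelated line
Dec  1 09:15:03 5209r milter-geoip: BLOCK: Rejecting carol of Vsite site7 as the group has already sent 502 emails today. BLOCKING.
"""

def summarize_blocks(lines):
    """Group BLOCK entries by Vsite.

    'users' are the accounts whose mail was rejected. They are the affected
    senders, not necessarily the account that used up the Vsite's allowance.
    """
    summary = defaultdict(lambda: {"rejections": 0, "peak": 0, "users": set()})
    for line in lines:
        m = BLOCK_RE.match(line)
        if not m:
            continue  # ignore everything that is not a milter-geoip BLOCK line
        entry = summary[m["site"]]
        entry["rejections"] += 1
        entry["peak"] = max(entry["peak"], int(m["count"]))
        entry["users"].add(m["user"])
    return dict(summary)

def report(summary):
    """Return report lines, Vsites with the most rejections first."""
    ordered = sorted(summary.items(), key=lambda kv: -kv[1]["rejections"])
    return [
        f"{site}: {d['rejections']} rejected, group count {d['peak']}, "
        f"affected users: {', '.join(sorted(d['users']))}"
        for site, d in ordered
    ]

if __name__ == "__main__":
    print("\n".join(report(summarize_blocks(SAMPLE_LOG.splitlines()))))
```

The per-user traffic that identifies the actual high-volume sender is in the "Email Traffic Monitor" mentioned in the message; this summary only shows which Vsites hit their limit and who was rejected as a result.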


