[imp] Spam Problem ... close to a solution ... may be you could help?

Rick Romero rick at havokmon.com
Tue May 24 16:10:24 UTC 2011


Quoting Andy Dorman <adorman at ironicdesign.com>:

> Also, the domain admin can also look at the email and if it is  
> really spam, they can quickly shut down the spammer.


Off-topic - I like to know how much spam they would have sent, so when  
I verify it's spam I redirect their outgoing mail to /dev/null but  
continue to count the recipients.  It blows your mind sometimes...

I also apply the same 'counting' to my entire outgoing queue.  I've  
found that while the per-user limits are helpful, those smarter  
spammers will just create more accounts.   By monitoring the entire  
mail flow for traffic spikes, I can shut down the entire outgoing  
queue and remove the abuser(s).

I use qmail, but any SMTP server should work.  Essentially:
1. Route all 'non-verified' users mail from the incoming SMTP server  
to 192.168.1.1.
2. Route all mail from 192.168.1.1 to 192.168.1.2.
3. 192.168.1.2 runs smtp-delay to 'pause' traffic on 192.168.1.1
4. Run a cronjob that counts the number of emails in queue on  
192.168.1.1 every minute.  You will need to tweak both the counts and  
delay times for your environment (and as your environment scales up).
So for example, if you consistently have 20 emails in queue, and spike  
to 60 under normal operations, set your program to shut the queue down  
at 70 and alert the admin.  You will obviously need staff to manage  
the alert (if you're swamped with spammers) and/or understanding from  
your users that this will occur.

Rick
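
An added example of the per-minute queue check in step 4, not part of the original message and not the poster's script. It assumes qmail-qstat is on the PATH, that qmail-send runs under daemontools at /service/qmail-send, and that mail(1) can reach the admin; the address, script path and sample output are constructed.

```shell
#!/bin/sh
# Queue-depth breaker for the outgoing relay (192.168.1.1 in the post).
# Assumptions, not from the post: daemontools service path, mail(1), ADMIN.
THRESHOLD="${THRESHOLD:-70}"              # the post's example trip point
ADMIN="${ADMIN:-postmaster@example.org}"  # constructed address
SERVICE="${SERVICE:-/service/qmail-send}"

# Constructed sample of qmail-qstat output, used for the offline dry run.
SAMPLE='messages in queue: 73
messages in queue but not yet preprocessed: 0'

# Read qmail-qstat output on stdin and print the total queued message count.
# Fails (exit 1) if the expected line is missing, so a broken probe is not
# mistaken for an empty queue.
queue_count() {
    awk -F': *' '/^messages in queue:/ { print $2 + 0; found = 1 }
                 END { if (!found) exit 1 }'
}

# Print "trip" when count >= limit, "ok" otherwise, "error" on a bad count.
decide() {
    case "$1" in ''|*[!0-9]*) echo "error"; return 2 ;; esac
    if [ "$1" -ge "$2" ]; then echo "trip"; else echo "ok"; fi
}

# Live check: stop delivery and alert the admin when the queue spikes.
check_queue() {
    count=$(qmail-qstat | queue_count) || {
        echo "cannot read queue depth" >&2
        return 2
    }
    if [ "$(decide "$count" "$THRESHOLD")" = "trip" ]; then
        svc -d "$SERVICE"   # stops qmail-send; queued mail stays on disk
        echo "Outgoing queue at $count (limit $THRESHOLD); delivery stopped" |
            mail -s "outgoing queue tripped" "$ADMIN"
    fi
}

# cron: * * * * * RUN=1 /usr/local/sbin/queue-breaker.sh   (path is constructed)
if [ "${RUN:-0}" = 1 ]; then
    check_queue
else
    # Dry run: show the decision for the constructed sample only.
    decide "$(printf '%s\n' "$SAMPLE" | queue_count)" "$THRESHOLD"
fi
```

Restarting delivery after the abuser's mail is removed (`svc -u` on the same service under these assumptions) stays a manual step, which matches the post's point that staff must handle the alert.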


