From: Barney Desmond (barneydesmondgmail.com)
Date: Wed Jul 08 2009 - 18:25:40 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

2009/7/9 Chris Turan <listschristuran.com>:
> The idea is to count the number of envelope recipients to determine who's
> sending to lots of people.  If someone goes over 500 per day, flag them as
> suspicious and alert me.
>
> Postfix already logs part of this in syslog but the recipient list is
> truncated or split up between multiple syslog messages.  Its not easily
> usable directly from syslog in its current form.
>
> Anyone do anything like this yet?  Have any suggestions or alternative ways
> of doing this?

I haven't done this myself, but I hear policy servers are quite
popular for this sort of thing (the usual question is how to setup
sending quotas for users, so this would be a slight modification).

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]