Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Basic outbound email limits, per email account, at SMTP level for IP protection

    Feature Requests
    email
    4
    8
    73
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jackt last edited by girish

      I would love to see some sort of per user outbound email safeguards put in place. Limitations such as XX per hour, XX per minute, per user. OR Near immediate notification of problem accounts sending bulk emails. This is done to protect IP registration.

      girish 1 Reply Last reply Reply Quote 1
      • girish
        girish Staff @jackt last edited by

        @jackt said in Basic outbound email limits, per email account, at SMTP level for IP protection:

        This is done to protect IP registration.

        Can you clarify what this means? Do you mean someone might register the server IP as spam ? (Maybe 'report' is the better word here).

        M 1 Reply Last reply Reply Quote 1
        • M
          msbt App Dev @girish last edited by msbt

          @girish I had a customer that wanted to send out hundreds of cold emails to potential clients they had collected, which is forbidden in my country (also everything with 50+ recipients if you don't offer an option to unsubscribe).

          Luckily I cought it quickly because they complained about an issue in webmail (apparently you can't paste that many addresses in the bcc field) and told them off, but as @jackt suggests, it would be nice to have a "safeguard" or a custom limit so they can't go over from the technical side.

          Since I'm using Postmark on most of my servers, it wouldn't necessarily be about IP reputation, but legal issues and eventually money, if there are thousands of emails going out 😉

          1 Reply Last reply Reply Quote 3
          • J
            jackt last edited by

            Thanks for the replies.

            @girish. We plan on having hundred of users on a dedicated mail server. At least one of these accounts will abuse mail privileges at some point. Currently a user can send out tens of thousands of emails on the SMTP level without restriction. This can cause the mail server IP's to be banned affecting the deliverability of other account holder sends. Swapping out an IP sucks. We are able to put some restrictions in using RoundCube but they can be bypassed with a skilled email marketing company.

            We would love to see some basic outbound email limitations put in place. At the very least limiting the number of outbound emails per hour, per user account. Even if its 100 per hour it will offer some protection to the site owner.

            Some sort of notification would work as well. Emailing/texting admin if a user sends more than XX emails in a 15 minute period.

            I hope this clarifies. We have been searching for a solution fro 4 days now. It just doesn't exist.

            #3

            girish 1 Reply Last reply Reply Quote 1
            • girish
              girish Staff @jackt last edited by

              @jackt We don't have any outbound rate limiting feature.

              Just investigated this a bit (so some notes for myself): The rate limit plugin (which we already use) does have it but we haven't configured it with any limits - https://github.com/haraka/haraka-plugin-limit . However, the limits in that plugin are global and not for a specific account - https://github.com/haraka/haraka-plugin-limit/blob/master/config/limit.ini#L101

              jdaviescoates 1 Reply Last reply Reply Quote 3
              • jdaviescoates
                jdaviescoates @girish last edited by

                @girish said in Basic outbound email limits, per email account, at SMTP level for IP protection:

                limits in that plugin are global

                That's probably good/ OK, no?

                Impossible to know in advance which user will try to abuse the system.

                I use Cloudron with Gandi & Hetzner

                girish 1 Reply Last reply Reply Quote 0
                • girish
                  girish Staff @jdaviescoates last edited by

                  @jdaviescoates yes, possibly. I have to test if it works. I don't trust those "plugins" even if they are from the upstream project. Indeed, the top most commit in that plugin is by me 🙂

                  1 Reply Last reply Reply Quote 3
                  • J
                    jackt last edited by

                    Thanks for the effort. I agree that global restrictions will help. The ideal solution will be account level restrictions OR notification of spikes so we can quickly identify the problem account. The goal is to limit the need for full time monitoring.

                    1 Reply Last reply Reply Quote 2
                    • First post
                      Last post
                    Powered by NodeBB