The
current exim.pl
files have the ability to track who is sending email. There is an
option to turn on a limit for how many emails are sent by a particular
user. To enable this limit, simply add the number of emails you'd
likely to allow per day to the /etc/virtual/limit file.
For most cases 200 emails should be enough for any users.
Once the limit file has a number greater than 0, the exim.pl will start
to count the number of emails sent by a user. In the /etc/virtual/usage
directory, there will be 2 types of files. '
username' and '
username.bytes'.
The bytes file will store how large each email was. The total sum of
the bytes in that files will give the amount of outgoing smtp bandwidth
used that day (this is always enabled). The other file ('username') is
used to count the number of emails sent. Each email sent will add
another byte to the file, so the exact size of the file is the number of
emails sent.
When looking for a spammer, check the /etc/virtual/usage/
username files to see a larger file, and also check /etc/virtual/usage/
username.bytes, to look for a repeated size. Large number of same-sized emails generally indicates spam.
Enforcing strong passwords is a good way to prevent passwords from being guessed.
Difficult Password Enforcement
A new feature of the exim.pl (as of Jan 2011) is the ability to specify
custom limits on a per-User basis (per DA-User). To do this, first
ensure you have the latest
exim.pl. You can confirm this by checking for this line:if (open (LIMIT, "/etc/virtual/limit_$name"))
If
you have that line in your exim.pl, then you're good to go. If not,
save it to /etc/exim.pl and restart exim. The same basic rules apply,
you just need to type:echo 300 > /etc/virtual/limit_
usernamewhere
username is the User you wish to give the special limit to. This overrides the default /etc/virtual/limit file for that User.
If you think you might have a spammer, check your /etc/virtual/usage directory for a larger than normal filesize.
Any authenticated sends will show up with this command:cd /var/log/exim
grep 'A=login:' mainlog* | less
which will show all emails sent from
your server which used smtp-authentication. This is useful to find any
email accounts who's passwords may have been compromised (guessed), or
simply just abusive Users.
With DA 1.42.0 and
/etc/exim.pl version 13, you can use a
per-email send limit, where you can limit each individual email account to a daily limit, eg:echo
50 > /etc/virtual/user_limit
echo user_can_set_email_limit=1 >> /usr/local/directadmin/conf/directadmin.conf
/etc/init.d/directadmin restart
Users can set
set these limits
in their E-Mail Accounts section of their User Level. The default max
value a User can specify for an email is their global DA account limit
(/etc/virtual/limit, or /etc/virtual/limit_
username if it exists). A lower max per-email limit can be set with the directaedmin.conf option: max_per_email_send_limit.