implement limits on outgoing messages for an account

by default 1000 messages per day, and to max 200 first-time receivers. i don't think a person would reach those limits. a compromised account abused by spammers could easily reach that limit. this prevents further damage. the error message you will get is quite clear, pointing to the configuration parameter that should be changed.
2025-07-10 09:54:40 +03:00 · 2023-03-28 20:50:36 +02:00
parent 9bd497b836
commit 9b57c69c1c
14 changed files with 262 additions and 4 deletions
--- a/config/doc.go
+++ b/config/doc.go
@ -594,6 +594,16 @@ describe-static" and "mox config describe-domains":
 					# in calculating probability reduced. E.g. 1 or 2. (optional)
 					RareWords: 0

+			# Maximum number of outgoing messages for this account in a 24 hour window. This
+			# limits the damage to recipients and the reputation of this mail server in case
+			# of account compromise. Default 1000. (optional)
+			MaxOutgoingMessagesPerDay: 0
+
+			# Maximum number of first-time recipients in outgoing messages for this account in
+			# a 24 hour window. This limits the damage to recipients and the reputation of
+			# this mail server in case of account compromise. Default 200. (optional)
+			MaxFirstTimeRecipientsPerDay: 0
+
 	# Redirect all requests from domain (key) to domain (value). Always redirects to
 	# HTTPS. For plain HTTP redirects, use a WebHandler with a WebRedirect. (optional)
 	WebDomainRedirects: