implement limits on outgoing messages for an account

by default 1000 messages per day, and to max 200 first-time receivers. i don't think a person would reach those limits. a compromised account abused by spammers could easily reach that limit. this prevents further damage. the error message you will get is quite clear, pointing to the configuration parameter that should be changed.
2025-07-12 17:44:35 +03:00 · 2023-03-28 20:50:36 +02:00
parent 9bd497b836
commit 9b57c69c1c
14 changed files with 262 additions and 4 deletions
--- a/http/admin.html
+++ b/http/admin.html
@ -476,6 +476,7 @@ const account = async (name) => {
 	const config = await api.Account(name)

 	let form, fieldset, email
+	let formSendlimits, fieldsetSendlimits, maxOutgoingMessagesPerDay, maxFirstTimeRecipientsPerDay
 	let formPassword, fieldsetPassword, password, passwordHint

 	const page = document.getElementById('page')
@ -576,6 +577,42 @@ const account = async (name) => {
 			),
 		),
 		dom.br(),
+		dom.h2('Send limits'),
+		formSendlimits=dom.form(
+			fieldsetSendlimits=dom.fieldset(
+				dom.label(
+					style({display: 'inline-block'}),
+					dom.span('Maximum outgoing messages per day', attr({title: 'Maximum number of outgoing messages for this account in a 24 hour window. This limits the damage to recipients and the reputation of this mail server in case of account compromise. Default 1000. MaxOutgoingMessagesPerDay in configuration file.'})),
+					dom.br(),
+					maxOutgoingMessagesPerDay=dom.input(attr({type: 'number', required: '', value: config.MaxOutgoingMessagesPerDay || 1000})),
+				),
+				' ',
+				dom.label(
+					style({display: 'inline-block'}),
+					dom.span('Maximum first-time recipients per day', attr({title: 'Maximum number of first-time recipients in outgoing messages for this account in a 24 hour window. This limits the damage to recipients and the reputation of this mail server in case of account compromise. Default 200. MaxFirstTimeRecipientsPerDay in configuration file.'})),
+					dom.br(),
+					maxFirstTimeRecipientsPerDay=dom.input(attr({type: 'number', required: '', value: config.MaxFirstTimeRecipientsPerDay || 200})),
+				),
+				' ',
+				dom.button('Save'),
+			),
+			async function submit(e) {
+				e.stopPropagation()
+				e.preventDefault()
+				fieldsetSendlimits.disabled = true
+				try {
+					await api.SetAccountLimits(name, parseInt(maxOutgoingMessagesPerDay.value) || 0, parseInt(maxFirstTimeRecipientsPerDay.value) || 0)
+					window.alert('Send limits saved.')
+				} catch (err) {
+					console.log({err})
+					window.alert('Error: ' + err.message)
+					return
+				} finally {
+					fieldsetSendlimits.disabled = false
+				}
+			},
+		),
+		dom.br(),
 		dom.h2('Set new password'),
 		formPassword=dom.form(
 			fieldsetPassword=dom.fieldset(