I’ve recently found a need for outbound rate limiting in Zimbra. The idea is that this will help prevent a spam outbreak, sourcing from one of my users accounts, if it’s compromised. This has happened in the past, and it’s finally time to put a stop to it.

There are two options available to me for limiting outbound mail. First is within Zimbra, the other is via out outbound spam/virus filter which is handled by a ProofPoint Protection Server. This is basically an e-mail firewall, similar to Barracuda, or Postini.

I spoke with our support personnel at ProofPoint, and they were less than helpful. Not on the whole, they’re generally very good, I would in fact recommend them to others. The system is sound, and flexible, and their support is usually great. In this case, I was simply asking for something that this system cannot offer. Because this is an outbound limiter, i need to rate limit based on sender, not sending server. Apparently the PPS just doesn’t have that sort of tracking.

So I moved on to Zimbra. Out of the box, Zimbra does not have this feature either. However, Zimbra’s MTA is build on Postfix. A relatively clean, stock postfix. Most postfix mod’s also work on Zimbra’s MTA. I did a little digging, a little asking around on Zimbra’s forums, and a little research on my own and came up with Policyd.

Policyd is a service which runs on either your local postfix box, or on a remote box, which manages lists of policies. Postfix queries policyd for every transaction, and asks it if it has a policy which pertains to this transaction. Once it gets the result of said policy, it moves on with the session. Now, there are tons of things which can be done with policyd, I’m focusing on JUST outbound, and JUST quota based rate limiting.