Good afternoon!
Our school district has been using a Postfix/Amavis/SpamAssassin config for over a year now with good results. Just recently, however, I've noticed that my mail filtering box has been hit by a spammer that uses a handful of email addresses to send mail to all legitimate senders in our domain. This caused my filter to queue up mail into the 1700+ range, effectively delaying mail delivery. We already reject mail going to undeliverable recipients by querying LDAP via a perl script. Granted, all the mail in question was dumped as spam, but it still caused mail to be delayed. Is there a way in Postfix that I can flag or alert if a certain sender is attempting to send more than X emails in a certain time? At this point I am not allowed to turn on "check for legitimate senders" to block mail from falsified email addresses, for fear of lost legitimate email from poorly-configured mail servers and DNS records. For instance, say we have 500 employees with email accounts. If I have a single sender that sends to more than 200 of them, I would want to review it as a possible spamming attack. Has anyone run into this? Thanks. Damian Bailey | baile...@lcps.k12.va.us Lead Technician | LCPS Technology 540.894.4373x8220 Shipping Address: Louisa County Public Schools 953 Davis Hwy Mineral VA 23117