At 04:16 PM 7/23/2012, you wrote: >Hello, > >Sorry for the broad question, but is there any sort of best common practice >these days regarding limiting outbound email? We recently had a customer's >account compromised (not sure if it was brute-forced or keylogged) and then >the perp proceeded to use their credentials to smtp-auth themselves a huge >load of viagra spam. > >I'd like to take some measures to limit what an authenticated sender can do >but not limit legitimate use. I assume this is not an uncommon scenario, but >pointers from those with more Postfix experience would be quite welcome. > >I do have amavis available for outbound virus scanning, and could conceivably >have it do the same with spam scanning but that feels not quite right (and >probably fairly resource intensive if someone was trying to cram tens of >thousands of messages through the system). > >Thanks, > >Charles
I've been using postfwd.org for rate-limiting outbound senders, and inbound senders and IPs, plus lots of other inbound filtering, for a 2+ years. It killed our horrible problem of cracked passwords. Len