On Sat, Apr 18, 2015 at 06:16:56PM +0000, Chuck Peters wrote:

> I'm researching migrating some Exim servers to Postfix and would like to
> implement automatic blocking of compromised and spammers' accounts with
> notifications to staff. Any suggestions?
> 
> On the Exim user list today someone suggested 
> https://github.com/Exim/exim/wiki/BlockCracking.
> 

With Postfix you would generally use a policy service to detect
anomalous outbound mail from potentially compromised accounts.

What constitutes anomalous outbound mail is then up to the policy
service.  Various policy services are in use for this purpose.

A policy service might even connect to a loopback Postfix SMTP
service port that is configured to use "recipient verification" to
check for non-existent addresses (and caches positive/negative
results) (make sure that SMTP service is not configured to also
use the same policy service).

Most users seem to get adequate results with just volume limits.

If at all possible, generate strong random passwords for submission
users; these are not passwords users type in very often.  The MUA
will store the password, so there's no reason to have a "memorable"
one.  This also avoids passwords that are used at multiple sites
and get compromised when those sites get breached.

-- 
        Viktor.
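
Added example, not part of the message above: a minimal Postfix policy service in Python that applies the kind of per-account volume limit the reply mentions, counting RCPT commands per sasl_username in a sliding window. The limit (100 recipients per hour), the listener address 127.0.0.1:10031 and the names VolumeLimiter, parse_request and PolicyHandler are assumptions chosen for illustration.

```python
import socketserver
import threading
import time
from collections import defaultdict, deque

class VolumeLimiter:
    """Sliding-window count of accepted recipients per SASL login."""
    def __init__(self, max_rcpts=100, window=3600):  # assumed limits
        self.max_rcpts, self.window = max_rcpts, window
        self.seen = defaultdict(deque)  # sasl_username -> timestamps
        self.lock = threading.Lock()

    def decide(self, attrs, now=None):
        now = time.time() if now is None else now
        user = attrs.get("sasl_username", "")
        # Only authenticated submission at the RCPT stage is counted.
        if not user or attrs.get("protocol_state") != "RCPT":
            return "DUNNO"
        with self.lock:
            q = self.seen[user]
            while q and q[0] <= now - self.window:
                q.popleft()  # drop recipients older than the window
            if len(q) >= self.max_rcpts:
                # Temporary failure: mail stays queued in the MUA while
                # staff check whether the account is compromised.
                return "DEFER_IF_PERMIT 4.7.1 Sending limit exceeded"
            q.append(now)
        return "DUNNO"

def parse_request(lines):
    """Turn one policy request (name=value lines) into a dict."""
    return dict(l.split("=", 1) for l in lines if "=" in l)

LIMITER = VolumeLimiter()

class PolicyHandler(socketserver.StreamRequestHandler):
    def handle(self):
        lines = []
        for raw in self.rfile:
            line = raw.decode("utf-8", "replace").rstrip("\r\n")
            if line:
                lines.append(line)
            else:  # an empty line ends the request; answer it
                action = LIMITER.decide(parse_request(lines))
                self.wfile.write(f"action={action}\n\n".encode())
                lines = []

if __name__ == "__main__":
    # Assumed listener address; smtpd keeps the connection open.
    addr = ("127.0.0.1", 10031)
    socketserver.ThreadingTCPServer(addr, PolicyHandler).serve_forever()
```

Postfix would consult it with check_policy_service inet:127.0.0.1:10031 in the recipient restrictions of the submission service. Counts are held in memory only, so they reset when the service restarts.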
