* Stan Hoeppner <s...@hardwarefreak.com>: > Michael put forth on 6/24/2010 3:07 AM: > > I want to be able to monitor SASL users to get quick notification if > > something > > is out of the ordinary - like a spammer using a compromised account to send > > emails. > > > > What tool(s) can be used to achieve this? > > Given the nature of your requirement, you're probably not going to find a > Postfix tool or set of tools that will "notify" you when an account has been > hijacked. How would software be able to determine when a user password has
Maybe he will. The OP could install the policyd policy server (v1) and impose sender restrictions von sasl authenticated senders. If that is heavyweight, the OP can write a small policy service that tracks SASL authenticated users, the message volume and trigger an alarm when an account goes beyond 'normal', where 'normal' is either a global or user-specific threshold or a value learned by messaging habit observation. p...@rick -- All technical questions asked privately will be automatically answered on the list and archived for public access unless privacy is explicitely required and justified. saslfinger (debugging SMTP AUTH): <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
