We run a small cluster of Postfix servers that are dedicated outbound relayhosts for our customers. Beyond the outbound Postfix cluster we have another cluster of mail filtering appliances that have served their purpose very well, but we are starting to get more compromised accounts due to phishing attempts, and some of the spam is getting through the outbound filters due to the volume of new spam messages.
I am looking for advice on how to limit our exposure to malicious senders that have access to a user's credentials. One method we have zero experience in is using RBLs, which I am hoping to learn more about.