A couple of days ago my mail server got attacked by a spammer. As it looks like he managed to compromise the password of one of the users on the system and SASL authenticated using the account to send spam. I blocked the attacking IP and changed the password of the affected user. Still the spammer managed to send out quite a lot of mails because due to permit_sasl_authenticated letting him pass by. Now to deal with this situation in the future I would like to automatically lock down an account if an unusual amount of mails are sent like 60 per minute or so. I could though not figure out if postfix is able to do this or how to get this done. Any ideas?
-- Yours sincerely Plüss Roland
signature.asc
Description: OpenPGP digital signature
