On Tue, 15 Nov 2016 14:09:03 +0100, Volker Cordes <i...@freeline-edv.de> wrote: > Hello, > > I just stopped our server from sending out spam mails. A password from > one of our customers was hacked or somehow leaked so that the mails were > sent by an authenticated user. Now I was wondering if it is possible to > block users that authenticate themselves from a lot of different IP > addresses in a short timespan or to implement blocking using > geoip-services (99% of our customers are based in germany). > > Thanks, > Volker
hi cbpolicyd and fiew other throttling solutions are effective (if the limits are low enough to discourage spammers) besides of them im also using a script that traces ips from which user logged in in a time limit and if threre are more ip addresses than set limit user is locked out from sending mails the script counts actually 2 things logins and amount of mails sent and locks out user if limit for either one in a time window is exceeded Lockout is achived either by update to mysql table or by mosyfying postfix check_sender_access file unblocking is from commandline but its quite effective most of the time
