Thanks Christos,
so I might want to look into rate limits.
Have not looked into rspamd as I'm running postfix with amavis-new and
spamassassin
Is rspamd compatible with amavis-new?
Thanks & greetings
Becki
Am 19.02.2019 um 12:23 schrieb Christos Chatzaras:
We wrote a shell script that runs hourly and notifies us for SASL
authentications with IPs for at least 2 different countries in the previous
hour. In the future we plan to automatically change the password if SASL
authentications are from 3 different countries. This catches most of the hacked
e-mail accounts.
Also we use Postfix relays with Rspamd checking the From header (we don't allow
users to spoof From address) and doing rate limits (500 e-mails / hour). If
someones tries to send more e-mails then the extra e-mails go to queue for
later delivery. So we have some time to manually check.
