Re: BCP on throttling outbound mail

At 04:16 PM 7/23/2012, you wrote:
>Hello,
>
>Sorry for the broad question, but is there any sort of best common practice these days regarding limiting
outbound email?  We recently had a customer's account compromised (not sure if it was brute-forced or
keylogged) and then the perp proceeded to use their credentials to smtp-auth themselves a huge load of
viagra spam.
>
>I'd like to take some measures to limit what an authenticated sender can do but not limit legitimate use.  I
assume this is not an uncommon scenario, but pointers from those with more Postfix experience would be
quite welcome.
>
>I do have amavis available for outbound virus scanning, and could conceivably have it do the same with spam
scanning but that feels not quite right (and probably fairly resource intensive if someone was trying to
cram tens of thousands of messages through the system).
>
>Thanks,
>
>Charles

I've been using postfwd.org for rate-limiting outbound senders, and inbound senders and IPs, plus lots of
other inbound filtering, for a 2+ years.  It killed our horrible problem of cracked passwords.

Len