Hi All,

I'm attempting to come up with a better solution for detecting email customers who attempt to send email campaigns using my mail servers.

I'd like to find a way to have postfix log the sender and recipient addresses into a flat file, as well as the message id and timestamp.

The idea is to count the number of envelope recipients to determine who's sending to lots of people. If someone goes over 500 per day, flag them as suspicious and alert me.

Postfix already logs part of this in syslog but the recipient list is truncated or split up between multiple syslog messages. It's not easily usable directly from syslog in its current form.

Anyone do anything like this yet? Have any suggestions or alternative ways of doing this?

-Chris
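
One way to do the counting described in this post, as an added example that is not part of the original message: it joins Postfix's per-recipient `to=` syslog lines back to the matching `from=` line through the queue ID, then totals recipients per sender per day and flags anyone over the limit. The sample lines, hostnames, addresses and queue IDs are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

DAILY_LIMIT = 500  # threshold named in the post

# Constructed sample in Postfix's usual syslog layout (not real traffic).
SAMPLE_LOG = """\
Mar  3 09:15:01 mx1 postfix/qmgr[812]: 4F1A22C0D1: from=<bulk@example.com>, size=2210, nrcpt=3 (queue active)
Mar  3 09:15:02 mx1 postfix/smtp[901]: 4F1A22C0D1: to=<a@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=0.4, status=sent (250 ok)
Mar  3 09:15:02 mx1 postfix/smtp[902]: 4F1A22C0D1: to=<b@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=0.5, status=deferred (451 try later)
Mar  3 09:15:03 mx1 postfix/smtp[903]: 4F1A22C0D1: to=<c@example.org>, relay=mx.example.org[192.0.2.20]:25, delay=0.6, status=sent (250 ok)
Mar  3 09:45:10 mx1 postfix/qmgr[812]: 4F1A22C0D1: from=<bulk@example.com>, size=2210, nrcpt=3 (queue active)
Mar  3 09:45:11 mx1 postfix/smtp[910]: 4F1A22C0D1: to=<b@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=1809, status=sent (250 ok)
Mar  3 10:02:44 mx1 postfix/qmgr[812]: 7B3C91E0A2: from=<alice@example.com>, size=880, nrcpt=1 (queue active)
Mar  3 10:02:45 mx1 postfix/smtp[915]: 7B3C91E0A2: to=<a@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=0.3, status=sent (250 ok)
"""

ENTRY = re.compile(
    r"^(\w{3}\s+\d+)\s+\S+\s+\S+\s+postfix\S*\[\d+\]:\s+"
    r"([0-9A-Za-z]+):\s+(from|to)=<([^>]*)>"
)

def count_recipients(lines):
    """Return {(day, sender): envelope recipients, deduplicated per message}."""
    sender_of = {}               # queue ID -> (day first seen, envelope sender)
    rcpts_of = defaultdict(set)  # queue ID -> recipients; retries collapse here
    for line in lines:
        m = ENTRY.match(line)
        if not m:
            continue
        day, qid, kind, addr = m.groups()
        if kind == "from":
            sender_of.setdefault(qid, (" ".join(day.split()), addr.lower()))
        else:
            rcpts_of[qid].add(addr.lower())
    totals = defaultdict(int)
    for qid, rcpts in rcpts_of.items():
        if qid in sender_of:     # skip deliveries whose from= line is not in the input
            totals[sender_of[qid]] += len(rcpts)
    return dict(totals)

def flag_senders(totals, limit=DAILY_LIMIT):
    """Return the (day, sender) pairs whose recipient count is over the limit."""
    return sorted(key for key, n in totals.items() if n > limit)

if __name__ == "__main__":
    totals = count_recipients(SAMPLE_LOG.splitlines())
    print(totals, flag_senders(totals, limit=2))
```

A recipient that is deferred and later retried is logged more than once under the same queue ID, which is why recipients are held in a set per message rather than counted line by line.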
