On 10/13/2010 05:53 PM, Dan Lannom wrote: > At many Universities there is a continual problem with accounts being > phished and used to send spam. We have a number of measures that > catch stolen accounts but they take a little bit of time to block > outgoing email. > > Ideally I'd like to hold email to either a new address or a new > address,sender,sender ip triplet like greylisting uses. Even holding > for a minute would give us enough time to lock the account and remove > all incentives to phish our accounts (I hope). > > Is anyone aware of of a greylisting type policy server that can use > a specific header, containing the sender ip, or one that just uses > the destination address?
You could modify Postgrey to return HOLD instead of DEFER_IF_PERMIT. Then, subject your submission service to the modified Postgrey. Held messages can be released with a cron job. (You may want to test that the auto-whitelist still works properly under this scheme.)
