On 1/31/2012 8:03 PM, l...@airstreamcomm.net wrote:
> We run a small cluster of postfix servers that are dedicated outbound
> relayhosts for our customers. Beyond the outbound postfix cluster we have
> another cluster of mail filtering appliances that have served their purpose
> very well, but we are starting to get more compromised accounts due to
> phishing attempts and some of the spam is getting through the outbound
> filters due to the volume of new spam messages.
>
> I am looking for advice on how to limit our exposure to malicious senders
> that have access to a user's credentials. One method we have zero
> experience in is using RBLs, which I am hoping to learn more about.
>
Most people address this with sender rate limits using a policy service such as policyd or postfwd, possibly combined with outbound virus/spam scanning.

http://www.postfix.org/addon.html#policy

Once the rate limit (or outbound virus/spam limit) is tripped, the account is flagged for an admin to check further, and maybe temporarily disabled depending on site policy.

I'm not quite sure how an RBL would be useful here.

-- Noel Jones
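
The sender rate limit described in the reply above, sketched as the decision logic of a Postfix policy delegation service. This is an added example, not part of the original post and not code from policyd or postfwd; the limit, window, class and function names are assumptions, and the sample request is constructed.

```python
import collections

LIMIT = 5          # assumed: max recipients per account per window
WINDOW = 3600      # assumed: window length in seconds

def parse_request(text):
    """Parse one Postfix policy delegation request (name=value lines)."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break                      # empty line terminates the request
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

class SenderRateLimiter:
    def __init__(self, limit=LIMIT, window=WINDOW):
        self.limit, self.window = limit, window
        self.events = collections.defaultdict(collections.deque)
        self.flagged = set()           # accounts for an admin to review

    def decide(self, attrs, now):
        """Return the policy action for one RCPT-stage request."""
        user = attrs.get("sasl_username", "")
        if attrs.get("protocol_state") != "RCPT" or not user:
            return "DUNNO"             # not an authenticated RCPT: no opinion
        q = self.events[user]
        while q and q[0] <= now - self.window:
            q.popleft()                # drop events outside the sliding window
        if len(q) >= self.limit:
            self.flagged.add(user)
            return "DEFER_IF_PERMIT Sending rate limit exceeded"
        q.append(now)
        return "DUNNO"

def respond(action):
    """Format the reply Postfix expects: action=... followed by an empty line."""
    return f"action={action}\n\n"

# Constructed sample request, as Postfix would send for one recipient.
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "sasl_username=alice@example.com\nsender=alice@example.com\n"
          "recipient=bob@example.net\nclient_address=192.0.2.10\n\n")

if __name__ == "__main__":
    limiter = SenderRateLimiter()
    for i in range(7):
        print(i, respond(limiter.decide(parse_request(SAMPLE), now=1000 + i)), end="")
    print("flagged:", sorted(limiter.flagged))
```

The block covers the decision logic only; a deployment would serve it over a socket referenced by `check_policy_service` in `smtpd_recipient_restrictions`.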