Hello, Sorry for the broad question, but is there any sort of best common practice these days regarding limiting outbound email? We recently had a customer's account compromised (not sure if it was brute-forced or keylogged) and then the perp proceeded to use their credentials to smtp-auth themselves a huge load of viagra spam.
I'd like to take some measures to limit what an authenticated sender can do but not limit legitimate use. I assume this is not an uncommon scenario, but pointers from those with more Postfix experience would be quite welcome. I do have amavis available for outbound virus scanning, and could conceivably have it do the same with spam scanning but that feels not quite right (and probably fairly resource intensive if someone was trying to cram tens of thousands of messages through the system). Thanks, Charles
