Our client's postfix servers are being frequently getting attacks using
compromised accounts
In most cases it seems the spammer simply uses a phished
username/password , sends a whole lot of 419ers until we manually change
the password , but the damage is already done
Implementing ratelimits is not really helping because ultimately the
mail will go through after the anvil time.
Since the legitimate users are extremely low email users , I can safely
block "anyone" permanently who sends more than 1 mail in 10s with zero FP's
How can I do this ?
Thanks
Ram
