On Sat, Jun 7, 2014 at 3:33 PM, Kai Krakow <hurikha...@gmail.com> wrote:
> How is one supposed to automatically block such hijacked accounts within > postfix? A simple heuristic could be detecting unusual high mail volume for > that account, probably by detecting the always repeating or similar > subjects. What I do against this is; install CSF/LFD, the open/free suite of ConfigServer scripts. It has a wonderful option where you can prevent the blacklisted IP to even access postfix at all. Blocklists are controlled by modifying /etc/csf/csf.blocklists (I would recommend against using spamhaus or UCEprotect though, too many weird decisions there, and prone to false positives). So why not do that? In addition you get an awful lot of good security for your server. Regards, Julius Thijssen
