Dave Jones:
> I need to be able to relay outbound for this customer of ours as a service
> we provide and I need to be able to block compromised accounts which I have
> been successful at for years until this new spam technique showed up a few
> weeks ago.
> I do have a way to detect this Bcc sending _after the fact_ and put in a
> DISCARD for the sending address to stop the spam but some have already
> gotten out. When Bcc'ing 300 at a time, even a few getting out will create
> a lot of damage to our IP's reputation.

Use postfwd, set a rule that triggers with too many recipients per SASL login.

http://www.postfwd.org/

	Wietse
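
The check suggested above, sketched as an added example (not postfwd's code or configuration, and not part of the original message): a per-login recipient counter driven by the `sasl_username`, `protocol_state` and `recipient_count` attributes of a Postfix policy delegation request. The limit, the window, the choice of END-OF-MESSAGE as the hook point and the sample requests are assumptions constructed for illustration.

```python
import time
from collections import defaultdict, deque

MAX_RCPTS = 100            # assumed limit per login per window
WINDOW = 3600              # assumed window in seconds
STATE = "END-OF-MESSAGE"   # assumed hook; recipient_count is 0 before DATA

def parse_request(text):
    """Parse one policy delegation request (name=value lines) into a dict."""
    attrs = {}
    for line in text.strip().splitlines():
        name, sep, value = line.partition("=")
        if sep:
            attrs[name.strip()] = value.strip()
    return attrs

class RecipientLimiter:
    def __init__(self, max_rcpts=MAX_RCPTS, window=WINDOW):
        self.max_rcpts, self.window = max_rcpts, window
        self.events = defaultdict(deque)   # login -> (timestamp, recipients)

    def check(self, attrs, now=None):
        """Return a Postfix access action for one parsed request."""
        now = time.time() if now is None else now
        login = attrs.get("sasl_username", "")
        if not login or attrs.get("protocol_state") != STATE:
            return "DUNNO"                 # unauthenticated or wrong stage
        try:
            count = int(attrs.get("recipient_count", "0"))
        except ValueError:
            count = 0
        seen = self.events[login]
        while seen and seen[0][0] <= now - self.window:
            seen.popleft()                 # drop entries outside the window
        if sum(c for _, c in seen) + count > self.max_rcpts:
            return "REJECT too many recipients for this login"
        seen.append((now, count))          # only accepted mail is counted
        return "DUNNO"

# Constructed sample requests (not taken from any real log).
BCC_BLAST = """request=smtpd_access_policy
protocol_state=END-OF-MESSAGE
sasl_username=user@example.com
recipient_count=300
"""
NORMAL = BCC_BLAST.replace("recipient_count=300", "recipient_count=40")

if __name__ == "__main__":
    limiter = RecipientLimiter()
    print(limiter.check(parse_request(BCC_BLAST)))
```

Because the single 300-recipient message is rejected before it is queued, none of its recipients get out, which is the difference from the after-the-fact DISCARD described in the quoted message.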