I've been searching for some time, and what I want seems to be fairly obscure, because I haven't found clear examples of it (at least I don't think I have).
I run an Ubuntu server with user accounts, and we use a limited amount of email on it, which we process with Postfix. On occasion, a user will succumb to a phishing attack and their password will get out. Then a spammer will use that valid account to send a lot of emails. Naturally this gets caught fairly quickly, the account is suspended, and so on. Since we do such a limited amount of email with this server, it would be nice if I could limit local accounts to, say, 100 originated emails per day (or 1000 or whatever). That just keeps the flood smaller while we respond to it. It seems that a policy server like postfwd is the usual way to do something like this, and usually I see examples suggesting a main.cf rule like: smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10040 However, this kind of rule seems to run only for mail "passing through" my Postfix server and not for mail originating locally. In any event, the service running on port 10040 does not receive connections from Postfix for mail that is generated locally. I'd love if someone would show an example that "hooks this up." I'm confident that I have postfwd configured correctly to listen on port 10040, I just need Postfix to talk to it. Don
