Hi, I have a postfix-3.0.5 system with a few hundred users. They have access to submission, webmail, and dovecot to send and receive mail.
On occasion, user's local desktop are compromised, and with it their account on this system. This leads to their local desktop using the submission service to send hundreds or thousands of spam emails through this compromised account. They're only stopped after the user receives a ton of bounce messages, or we happen to see it somehow while watching logs. What mechanisms are available to say, control the number of messages sent per day or otherwise be made aware of a pattern of messages being sent by an account that could be indicative of account compromise? Thanks, Alex
