On 12/05/2016 08:52 PM, Alex wrote:
> Hi,
>
> I have a postfix-3.0.5 system with a few hundred users. They have
> access to submission, webmail, and dovecot to send and receive mail.
>
> On occasion, users' local desktops are compromised, and with it their
> account on this system. This leads to their local desktop using the
> submission service to send hundreds or thousands of spam emails
> through this compromised account.

Sign up for the feedback loops of major providers like AOL, Comcast, and Yahoo. When their users hit "this is spam," you'll get a report in your inbox, and you'll be able to see immediately if it was sent from a compromised account. On a smallish system where the size of the active queue is usually tiny, you can also check the number of queued messages every minute or so and send yourself an alert if it goes over some threshold. Neither will stop the spam from going out, but they'll at least alert you to the problem.
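
The queue-size check suggested in the reply above, as an added example that is not part of the original message. It parses the text output of `postqueue -p` and goes one step further than a bare count by listing the top envelope senders; the function names, the limit of 50, the alert address and the sample queue listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: queue-size alert for Postfix based on `postqueue -p` output.

# Count queued messages per envelope sender from `postqueue -p` text on stdin.
# Entry lines look like: "QUEUEID[*!] size Day Mon DD HH:MM:SS sender".
queue_by_sender() {
    awk '$1 ~ /^[0-9A-Za-z]+[*!]?$/ && $2 ~ /^[0-9]+$/ && NF >= 7 { n[$7]++ }
         END { for (s in n) print n[s], s }' | sort -k1,1nr -k2,2
}

# Total number of queued messages.
queue_total() {
    queue_by_sender | awk '{ t += $1 } END { print t + 0 }'
}

# Print an alert body and return 1 when the queue exceeds the limit in $1.
check_queue() {
    limit=$1
    report=$(queue_by_sender)
    total=$(printf '%s\n' "$report" | awk '{ t += $1 } END { print t + 0 }')
    [ "$total" -le "$limit" ] && return 0
    printf 'Postfix queue holds %s messages (limit %s). Top senders:\n' "$total" "$limit"
    printf '%s\n' "$report" | head -n 5
    return 1
}

# Constructed sample of `postqueue -p` output, for testing offline.
sample_queue() {
cat <<'EOF'
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
3F2A91C0A1*    1523 Mon Dec  5 20:41:02  alice@example.com
                                         rcpt1@example.net

3F2A91C0A2     1498 Mon Dec  5 20:41:03  alice@example.com
(connect to mx.example.net[192.0.2.1]:25: Connection timed out)
                                         rcpt2@example.net

7B11C2D0E4     2210 Mon Dec  5 20:39:40  bob@example.com
                                         rcpt4@example.org

-- 5 Kbytes in 3 Requests.
EOF
}

# Live use from a once-a-minute cron job (limit and address are assumed):
#   out=$(postqueue -p | check_queue 50) || \
#       printf '%s\n' "$out" | mail -s "queue alert" admin@example.com
```

A single sender accounting for most of the queue points at the account to lock and whose password to reset.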