On Sat, Feb 02, 2019 at 11:46:35AM -0500, micah anderson wrote:
> SH Development <listacco...@starionline.com> writes:
>
> > I'm about at my wits' end with Google.
> >
> > A couple of weeks ago, we had a user account get compromised. About
> > 11,000 spam emails were sent through the account over a 24 hour period
> > before we caught it and shut it down.
>
> I know it doesn't help your current situation, but I highly suggest you
> set up postfwd with some sending limits, so that this does not happen
> again in the future.
>

Seconded. Setting sending limits, with a process for expanding the limit
for customers who legitimately need expansion, completely stopped us
being added to RBLs at my former employer. The customers who needed more
messages per hour/day got a lecture about keeping their passwords safe
and an explanation of the financial penalties we would exact from them
should their account get us RBLed.

For us, 100/hour 500/day was a sufficient default for 99.99% of our
users. We had maybe 25 clients set up with expanded limits five years
after implementing the policy daemon.

We also trolled the log files to count the total number of e-mails sent
per user each day. We got an emailed report hourly. We often identified
compromised accounts before they hit the limits when the spammer was
sneaky enough to slow send. Submitting e-mail from three continents in
an hour is a pretty good indicator of a compromised account.

PolicyD meant it was okay if we took some time for sleep or missed the
hourly reports for a weekend.

-- 
Scott Lambert KC5MLE Unix SysAdmin
lamb...@lambertfam.org
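
The per-user log counting and the "three continents in an hour" check described in the message above, as an added example that is not part of the original thread or any poster's code. It assumes Postfix smtpd log lines carrying `sasl_username=`; the function names are hypothetical, and the prefix-to-region map is a constructed stand-in for a real GeoIP lookup.

```python
import re
from collections import defaultdict

HOURLY_LIMIT, DAILY_LIMIT = 100, 500   # defaults quoted in the message above
GEO_SPREAD = 3                         # distinct regions within one hour

# Assumption: stand-in for a real GeoIP lookup, using documentation prefixes.
REGION_BY_PREFIX = {"192.0.2.": "EU", "198.51.100.": "NA", "203.0.113.": "AS"}

# Postfix smtpd logs one line like this per message from an authenticated client.
SASL_LINE = re.compile(
    r"^(?P<day>\w{3}\s+\d+) (?P<hour>\d{2}):\d{2}:\d{2} \S+ postfix/\S*smtpd\[\d+\]: "
    r"\w+: client=\S*\[(?P<ip>[0-9a-fA-F.:]+)\], .*sasl_username=(?P<user>\S+)")

def region_of(ip):
    return next((r for p, r in REGION_BY_PREFIX.items() if ip.startswith(p)), None)

def analyse(lines):
    """Return (sorted alerts, per-(user, day) message totals)."""
    hourly, daily, regions = defaultdict(int), defaultdict(int), defaultdict(set)
    for line in lines:
        m = SASL_LINE.match(line)
        if not m:
            continue                    # not an authenticated submission
        user, day, hour = m["user"], m["day"], m["hour"]
        hourly[user, day, hour] += 1
        daily[user, day] += 1
        region = region_of(m["ip"])
        if region:                      # unmapped addresses do not count as a region
            regions[user, day, hour].add(region)
    alerts = set()
    for (user, day, hour), count in hourly.items():
        if count > HOURLY_LIMIT:
            alerts.add((user, "hourly-limit"))
        if len(regions[user, day, hour]) >= GEO_SPREAD:
            alerts.add((user, "geo-spread"))
    for (user, day), count in daily.items():
        if count > DAILY_LIMIT:
            alerts.add((user, "daily-limit"))
    return sorted(alerts), dict(daily)

def sample_log():
    """Constructed log lines: alice bursts, bob slow-sends from three regions."""
    fmt = ("Feb  2 {h:02d}:{m:02d}:00 mail postfix/smtpd[4242]: 4F1A2B{n:04X}: "
           "client=unknown[{ip}], sasl_method=PLAIN, sasl_username={u}")
    rows = [(9, i % 60, "192.0.2.10", "alice@example.com") for i in range(101)]
    rows += [(10, 5 * i, ip, "bob@example.com")
             for i, ip in enumerate(["192.0.2.77", "198.51.100.9", "203.0.113.200"])]
    rows += [(11, 1, "198.51.100.20", "carol@example.com")] * 2
    return [fmt.format(h=h, m=m, ip=ip, u=u, n=n) for n, (h, m, ip, u) in enumerate(rows)]

if __name__ == "__main__":
    for user, reason in analyse(sample_log())[0]:
        print(user, reason)
```

In the constructed sample, bob sends only three messages, far under both limits, and is still flagged on region spread alone, which is the slow-send case the message describes.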