I really appreciate your (very) thorough answer. I'll use it to search for a solution or devise a homemade one.
The problem I'm describing affects so many web hosts... I'm surprised that this security problem has not been circumvented in any reliable way. I understand Postfix cannot fix alone the security issues of a web host, but a sensible sending default rate of let's say 500 mails/hour would solve a lot of common abuse situations without affecting normal traffic. I was looking at postfwd and policyd to solve this problem but as far as I can tell both are dead projects now. The other way I was looking into was this conf: smtp_destination_rate_delay = 2s By checking the queue size at regular intervals it could be possible to detect abuse, find the abusive source and at the same time limit the damage an abusive script could do to a server reputation by rate limiting it. Thanks again.
