Why not rate limiting? I think everyone is doing it... I do... Cluebringer quotas can track one to one, one to many and many to one (botnets) in both directions (as sender or recipients).
2017-02-16 11:21 GMT-03:00 David Jones <djo...@ena.com>:

> >From: Christian Grunfeld <christian.grunf...@gmail.com>
> >Sent: Thursday, February 16, 2017 7:50 AM
> >To: Spamassassin List
> >Subject: Re: Filtering outbound mail
>
> >Are you using postfix as MTA? I use cluebringer suite which
> >has a lot of functionality (spf checks, helo checks, greylist
> >and quotas)
>
> I am using Postfix and cluebringer does look pretty slick
> so I will check into that.
>
> >Quotas are fully configurable by tracking inbound and
> >outbound traffic by ip, sasl user, etc
>
> These outbound senders are my own internal customers
> smarthosting through my mail relays so I can't do things
> like rate limiting, greylisting, SPF checks, HELO checks,
> etc. on them like I do for Internet inbound mail.
>
> For example, they may have an Exchange server that
> sends legit emails all day long. Since I am their outbound
> mail relay, I am their Internet edge server so SPF checks
> and other network checks would be performed on my
> server by the receiving Internet mail server. I have to
> detect compromised accounts and block them to
> protect the reputation of my mail server IPs (keep them
> off of RBLs and a high senderscore.org score).
>
> My compromised account detection already works pretty
> well but I am just wanting to improve it to detect a new
> scenario. The common theme is lots of email sent to
> FREEMAIL recipients that I need a rule hit for my SQL query.
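
An added example, not part of either message and not the query used by anyone in this thread: one way to flag a relay customer whose distinct recipients in a time window are mostly freemail addresses, without rate limiting a busy legitimate sender. The `outbound` table, the freemail domain list, the thresholds and all sample senders are assumptions constructed for illustration.

```python
import sqlite3

# Assumed values for illustration; tune against real traffic.
FREEMAIL = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
MIN_RCPTS = 5    # skip senders with too few recipients to judge
MAX_RATIO = 0.8  # flag when over 80% of distinct recipients are freemail

def build_db(rows):
    """Load (ts, sender, rcpt) rows into a hypothetical 'outbound' table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE outbound (ts INTEGER, sender TEXT, rcpt TEXT, freemail INTEGER)")
    for ts, sender, rcpt in rows:
        domain = rcpt.rsplit("@", 1)[-1].lower()
        db.execute("INSERT INTO outbound VALUES (?, ?, ?, ?)",
                   (ts, sender, rcpt.lower(), int(domain in FREEMAIL)))
    return db

def suspects(db, now, window=3600):
    """Return (sender, distinct_rcpts, freemail_rcpts) for flagged senders."""
    query = """
        SELECT sender, COUNT(*), SUM(freemail)
        FROM (SELECT DISTINCT sender, rcpt, freemail FROM outbound
              WHERE ts > ? AND ts <= ?)
        GROUP BY sender
        HAVING COUNT(*) >= ? AND 1.0 * SUM(freemail) / COUNT(*) > ?
        ORDER BY sender
    """
    return db.execute(query, (now - window, now, MIN_RCPTS, MAX_RATIO)).fetchall()

# Constructed sample traffic (not real log data).
NOW = 1487250000
SAMPLE = (
    # Busy legitimate relay: 8 business recipients, 2 freemail.
    [(NOW - 60 * i, "exchange@customer-a.example", f"user{i}@partner{i}.example") for i in range(8)]
    + [(NOW - 5, "exchange@customer-a.example", "a@gmail.com"),
       (NOW - 6, "exchange@customer-a.example", "b@yahoo.com")]
    # Burst to many distinct freemail recipients plus one business address.
    + [(NOW - i, "bob@customer-b.example", f"rcpt{i}@gmail.com") for i in range(1, 9)]
    + [(NOW - 20, "bob@customer-b.example", "billing@partner.example")]
    # Ten messages to one freemail address: only one distinct recipient.
    + [(NOW - i, "carol@customer-c.example", "friend@hotmail.com") for i in range(10)]
    # Freemail burst two hours ago: outside the default one-hour window.
    + [(NOW - 7200 - i, "dave@customer-d.example", f"rcpt{i}@outlook.com") for i in range(10)]
)

if __name__ == "__main__":
    for row in suspects(build_db(SAMPLE), NOW):
        print(row)
```

Counting distinct recipients rather than messages keeps a sender who mails one freemail address repeatedly from being flagged, and the minimum-recipient floor keeps low-volume senders out of the result.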