Detect and block abuse of (cracked) e-mail account 
Friday, 28 February 2014, 10:45 - Postfix Stuff, Mail stuff
To avoid bad things(TM) caused by a cracked e-mail account on our postfix mailserver, I used the script Check Auth Log to detect abnormal high numbers of logins or logins from many different IP addresses within a certain time onto a certain account. Then the script will lock out the account. This, together with per-session limits within postfix configuration (smtpd_client_message_rate_limit, smtpd_client_recipient_rate_limit), should help to avoid or at least mitigate the damage caused by cracked accounts, i.e. SMTP server being blacklisted.


Add Comment
Fill out the form below to add your own comments.

Insert Special:

Moderation is turned on for this blog. Your comment will require the administrators approval before it will be visible.