Re: Non Zimbra question and I hope that is ok if this type of thing is not abused.



On Mon, Aug 22, 2011 at 10:46:30AM -0400, Steve Elliott wrote:
> Situation: We have staff/faculty on our campus that don't realize that you give out your email login data, including password to phishing emails. So we get compromised accounts. 
> We are in the works of putting an external MTA (Barracuda system) that our Zimbra email will be filtered through if it leaves campus. Of course this may hit some good emails with the bad ones. Though I routinely check to see if we have a rogue account they usually have 2-4 hours of uninterrupted time, especially during the night hours where they can spam their hearts out. 
> 
> Question: What solutions do you use to help in those situations? 

We have installed a Postfix policy server on all of our mailbox servers
that counts the number of recipients for each outgoing message and
keeps a running tally for each sender address. When a daily threshold
is exceeded, Postfix rejects any further messages from that sender
until the timer rolls over or we manually reset the counter. We can
whitelist individual senders, but in practice we have not had many
false positives. We adjust the limit as necessary, but it is usually a
few thousand recipients per day.

-- 
M. Brent Harp 
Analyst 
Computing and Communications Services 
University of Guelph 
Guelph, Ontario, Canada N1G 2W1 
Tel: 519-824-4120 ext 56621 
Fax: 519-767-1060 
E-mail: brharp@uoguelph.ca 
www.uoguelph.ca/ccs
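
An added example, not part of the original post and not the University of Guelph's own policy server: a minimal Postfix policy delegation service in Python that keeps the per-sender daily recipient tally described in the reply above. The limit of 3000, the whitelisted address, the in-memory store and the choice to count at the DATA stage are assumptions.

```python
import sys
import time

DAILY_LIMIT = 3000                    # assumed; the post says "a few thousand"
WHITELIST = {"listserv@example.edu"}  # constructed address
_tally = {}  # sender -> (day number, recipients so far); in-memory only,
             # so a multi-process deployment would need a shared store

def parse_request(lines):
    """Parse the name=value lines of one policy delegation request."""
    attrs = {}
    for line in lines:
        name, sep, value = line.strip().partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs, now=None, limit=DAILY_LIMIT):
    """Return the Postfix access action for one request."""
    # recipient_count is only populated at the DATA and END-OF-MESSAGE stages.
    if attrs.get("protocol_state") != "DATA":
        return "DUNNO"
    sender = attrs.get("sender", "").lower()
    if not sender or sender in WHITELIST:
        return "DUNNO"
    today = int((time.time() if now is None else now) // 86400)
    day, used = _tally.get(sender, (today, 0))
    if day != today:          # the timer rolled over: start a new tally
        used = 0
    if used > limit:          # threshold already exceeded: block further mail
        return "REJECT Daily recipient limit exceeded"
    count = attrs.get("recipient_count", "")
    _tally[sender] = (today, used + (int(count) if count.isdigit() else 0))
    return "DUNNO"

def reset(sender):
    """Manually clear one sender's counter."""
    _tally.pop(sender.lower(), None)

def main():
    request = []
    for line in sys.stdin:
        if line.strip():
            request.append(line)
            continue
        # A blank line ends the request; answer with a single action.
        sys.stdout.write("action=%s\n\n" % decide(parse_request(request)))
        sys.stdout.flush()
        request = []

if __name__ == "__main__":
    main()
```

Postfix would call a service like this through check_policy_service in smtpd_data_restrictions.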