The things that occur to me are
Ensure that the sender domain is authorized by doing a rule in main.cf for send_restrictions. Then at least they won't be sending things with faked from=.
Do some work with rate limiting.
http://steam.io/2013/04/01/postfix-rate-limiting/
- Look at something like fail2ban.
On 2/24/2015 10:28 AM, Luciano Mannucci wrote:
Hello,
I have a few users that are often hit by a trojan virus that steals e-mail user and password. Having a very little (if not null) power on their machines, I need to be able to block the outgoing mail wich is handled by postfix via dovecot SASL. Blocking it at dovecot level would be optimal, for the virus doesn't necessarily use the e-mail of the user as its from, just the user and password for the authentication phase.
Is it feasible?
AdvThanksAnce,
Luciano.
-- George Sexton *MH Software, Inc.* Voice: 303 438 9585 http://www.mhsoftware.com