Sorry for the x-post, but I'm not sure if this is best done by Postfix or
deliver...

Last night we had a user sign up who for some reason used their account to
receive a _lot_ of spam (thousands of messages per minute). I'm curious as
to why this might happen--any suggestions via private email would be
welcome. But that's not the purpose of this post...

What I'd like to do is avoid this happening in the future. I've manually
added this address with REJECT to check_client_access for now. Now what I'd
like to do is add something that checks how many messages a user has
received in the last n minutes, or in some other way is triggered by an
unusual rate of email to a particular user. I'd want to be able to trigger a
little script based on this hook, which would automatically add the user to
our check_client_access table and notify me that something fishy was going
on. That way my other users won't be effected because Postfix will block the
deluge of messages early on.

What would be the easiest way to do this? I could use unix_notify in Cyrus
to update a table and check rate with a little Perl daemon, but this seems
like a resource-intensive way to do such a simple check... Another extreme
would be a cron job that somehow checks the message rate--but what log to
check?

How are others dealing with this, if at all?

TIA,
  Jeremy
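
One way to do the cron-style rate check asked about above, as an added example that is not part of the original post: a sliding-window count of deliveries per recipient, read from the Postfix mail log. It assumes traditional syslog timestamps, time-ordered input, and delivery-agent lines of the form `to=<addr>, ... status=sent`; the function names, threshold, window and sample lines are constructed for illustration, and updating the access table and sending the notification are left to the caller.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Postfix delivery-agent line (lmtp, local, virtual, ...) that ended in status=sent.
DELIVERY = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+postfix/\w+\[\d+\]:\s+"
    r"\w+:\s+to=<(?P<rcpt>[^>]+)>,.*\bstatus=sent\b"
)

def parse_delivery(line, year):
    """Return (timestamp, recipient) for a delivered message, else None."""
    m = DELIVERY.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year, so the caller supplies it.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["rcpt"].lower()

def flooded_recipients(lines, window_minutes=5, threshold=1000, year=2024):
    """Map each recipient that exceeded `threshold` deliveries within any
    `window_minutes` span to the peak count seen in such a span."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)   # recipient -> timestamps still inside the window
    peaks = {}
    for line in lines:
        parsed = parse_delivery(line, year)
        if parsed is None:
            continue              # not a successful delivery line
        ts, rcpt = parsed
        q = recent[rcpt]
        q.append(ts)
        while ts - q[0] > window:  # drop deliveries older than the window
            q.popleft()
        if len(q) > threshold:
            peaks[rcpt] = max(peaks.get(rcpt, 0), len(q))
    return peaks

# Constructed sample log lines (not taken from the post).
SAMPLE = [
    f"Mar  3 02:14:{s:02d} mx1 postfix/lmtp[2101]: 4A1B2C{s:02d}: to=<flood@example.com>, "
    "relay=127.0.0.1[127.0.0.1]:24, delay=0.2, status=sent (250 2.1.5 Ok)"
    for s in range(4)
] + [
    "Mar  3 02:14:05 mx1 postfix/lmtp[2101]: 5D6E7F80: to=<quiet@example.com>, "
    "relay=127.0.0.1[127.0.0.1]:24, delay=0.3, status=sent (250 2.1.5 Ok)",
]
```

Run from cron over the current mail log, the returned addresses are the candidates for the access table and the alert.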

