[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Non Zimbra question and I hope that is ok if this type of thing is not abused.
We use Postfix plugin "Postfixd" (http://www.policyd.org/) to enforce
outgoing mail ralte-limit. Webmail senders are autromatically blocked
from sending more email when the ratelimit is execeeded. We wrote
tools to send alerts to a list when a user is blocked, and HelpDesk
has tools to review the alerts and decide if these users accounts are
compromised and disable accounts all together. It's very effective
since its been implemented. Central smtp servers are protected and we
also see much less compromised accounts. We caught a few users on
blacklist when we first implemented, now only one or two in a couple
of weeks.
Xueshan
On Mon, Aug 22, 2011 at 7:46 AM, Steve Elliott <selliott@kennesaw.edu> wrote:
> Situation: We have staff/faculty on our campus that don't realize that you
> give out your email login data, including password to phishing emails. So
> we get compromised accounts.
> We are in the works of putting an external MTA (barracuda system) that our
> Zimbra email will be filtered through if it leaves campus. Of course this
> may hit some good emails with the bad ones. Though I routinely check to see
> if we have a rogue account they usually have 2-4 hours of uninterrupted
> time, especially during the night hours where they can spam their hearts
> out.
>
> Question: What solutions do you use to help in those situations?
>
>
>
--
Xueshan Feng
Infrastructure Delivery Group, IT Services
Stanford University