I am investigating a way to control how many emails an authenticated user can send per day. For example, I would like to put a global limit per user of a maximum of 1000 emails sent per day. Or a per-user rule.
This is because the other day a user of our company had her account guessed, and these guys used her account to send 90k+ emails in 1 day before we noticed (it was Sunday). We quickly changed her credentials (she had a very weak password, so now I am learning how to force strong passwords on all accounts, and am almost there).
But anyway, any user can have his user/pass stolen, and the hackers can use SMTP authentication to send lots of unwanted emails through our MTA.
- I want to keep SMTP open for authentication, so users can use any email application/client, and our server to send their emails
- Domino is configured not as an open relay, but authenticated users can send email freely
I would like a way to tell Domino that if any authenticated user sends more than X emails in the last Y hours, the server should stop taking that user's requests to send emails, send the administrators an email notifying them of this situation, and provide a way to "unlock" that user.
Any ideas? Is this achievable with the OOTB Domino functionality? Are there plugins that I can use for this purpose? Would you recommend any open-source software to achieve this, which could be run alongside Domino? Thanks!