Does Zimbra provide the ability to limit email being sent out by [my] users?
Recently, I've had two episodes about 6 weeks apart, where one of my users' accounts was compromised (I think they responded to the old "you must send me your password or you'll be disconnected" phishing message). Anyway someone logged in as them and sent out a gazillion emails saying "you have won a million bucks, just send me your bank info so I can deposit the money..."
In each case, I didn't find out until the next day by looking at some of the reports (dailyreport etc) but by then our server's ip was already blocked by yahoo, gmail, att, and a bunch of other servers.
Seems to me that it would be very helpful if Zimbra would allow me to set a limit - maybe 400 messages/day or something and if any user hit that limit, it would automatically lock the account and send the admin a warning email? (I believe that gmail and others already do something like this...)
I understand that there is a way to manually do something like this with policyd, and I'm looking at that option for now, but as with any other "manual tweaks" I expect it to break with upgrades, and it's "unsupported"...
Is there another way to catch this type of problem early? What are large zimbra sites doing to avoid getting onto blacklists?
A similar issue would occur if a client's machine gets hit by a trojan or other malware which sends out spam.
I'm just looking for a better solution since it can take days to get off all the bad lists.(!) but just a few hours to get back on !(!)