We're getting hit hard with phishing scams and users are falling for it in droves. Worse is, some are actually then phishing within our users. So I'm looking for ideas on how to help slow this down a bit at least, besides user education.
We deal with the problem of dictionary attacks using fail2ban rules.
What we notice is that these accounts are being used to phish using the Zimbra Desktop client. It is something we don't support, so is there a way to disable users from using it?
Next, we would, I guess, need a way to determine when a spam campaign starts and programmatically lock these accounts. We can continue fighting robots with humans.
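One way to spot the start of a campaign from a compromised account, as an added example that is not part of the original post: count authenticated submissions per `sasl_username` in the Postfix `smtpd` log lines and flag any account that exceeds a send rate. The threshold, window, year constant and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Postfix smtpd line logged once per authenticated submission.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/\S*smtpd\[\d+\]: "
    r"\w+: client=\S+, sasl_method=\S+, sasl_username=(?P<user>\S+)"
)
ASSUMED_YEAR = 2024  # syslog timestamps carry no year (assumption)


def find_bursts(lines, limit=5, window=timedelta(minutes=1)):
    """Return {account: first time it exceeded `limit` sends per `window`}."""
    recent = defaultdict(deque)  # account -> timestamps inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["user"]]
        q.append(ts)
        while ts - q[0] > window:  # drop sends that fell out of the window
            q.popleft()
        if len(q) > limit and m["user"] not in flagged:
            flagged[m["user"]] = ts
    return flagged


def sample_log():
    """Constructed sample: bob sends 8 messages in 35 s, alice 2 in 10 min."""
    fmt = ("Mar  3 10:{m:02d}:{s:02d} mail postfix/smtpd[2211]: 4A1B2C3D{i:02d}: "
           "client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username={u}")
    lines = [fmt.format(m=0, s=5 * i, i=i, u="bob@example.com") for i in range(8)]
    lines += [fmt.format(m=m, s=0, i=90 + m, u="alice@example.com") for m in (1, 11)]
    return lines


if __name__ == "__main__":
    for account, when in find_bursts(sample_log()).items():
        print(f"{when:%H:%M:%S} burst from {account}: candidate for locking")
```

A flagged account can then be locked with `zmprov ma <account> zimbraAccountStatus locked`; tune `limit` and `window` against normal sending volume first so legitimate bulk senders are not caught.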