I've had some customers having trouble with some spear phishing attempts. Sometimes a user will suddenly get a flood of emails from multiple sources, all containing banned extension files. So far everything is fine and they all get blocked, but the warnings pour in via the zimbraMtaBlockedExtensionWarnRecipient setting, which is handy when engineers want to know why some files they are being sent are not coming through.
I think the count this morning was around 60+ emails warning of bad attachments, and that was before the office opened. Since it comes from a variety of hosts it isn't a real easy one to just blackhole any IPs. Fail2ban is doing its job, but I am not seeing more than one of these banned emails come from a specific IP.
Would it be possible to adjust the granularity of this setting either by not flooding the user after so many messages or at least allowing me to turn it to FALSE for individual users?
I have temporarily turned it to FALSE and placed a cron job to turn it back to true after a few days.
ZCS Network Edition 8.0.7
On CentOS 6.5