Beyond user education, we've done the following:
* Put various phisher's sender addresses in the blacklist on our FortiMail anti-spam appliance
* Disabled Mail Identities in every Class of Service
* Disabled New mail notification in every Class of Service
* I wrote a perl script that we run every 10 (lately every 5) minutes that searches Zimbra's LDAP server for Reply-To addresses that aren't in our domain. It also checks forwarding addresses for anything not in a list of known legitimate forwards. If either condition is met, the account is immediately put in a Locked state and administrators are notified.
Unfortunately, some accounts are also being used without such modifications to them. Those we have to catch and lock manually.
What I'd like to have is a simple way to black-list recipient addresses. The poster "su_A_ve" mentioned something about a patch to amavis to add a high score to a recipient address. Can someone explain to me how that might be accomplished? I don't know anything about amavis.
I'm also trying to play around with smtpd_recipient_restrictions and check_client_access in postfix's main.cf file, but that whole mechanism seems quite convoluted to me.
Thanks.
—Steve  |