We are a small wireless ISP with around 300 mailboxes on a Zimbra server. Every few months one or two users fall for the fresh phish-of-the-week email and get their account passwords taken, which promptly means we end up sending out 45 bazillion spam emails for a few hours until we realize what's going on.
This is followed by 2-3 weeks of being on several blacklists (currently we are blacklisted by Gmail and it's near impossible to resolve) coupled with support calls from some VERY unhappy users complaining that they are unable to send email to some people.
I've been googling this for some time now and honestly cannot find any good information on this topic. Every thread I found in this forum on the topic is pre-2011 and not a single one of them ended in "we found this perfect way of addressing the problem".
(We cannot use the setting that locks outgoing mail only to users on the local domain because we have 3 domains and many users go on holiday elsewhere and still need to be able to use email.)
So here is my question:
Why has no one thought of a simple setting like "rate limit outgoing messages to X/hour (or X/day)"? It seems like a really super easy thing to do, and it would then have an option below that reads "If limit is exceeded lock mailbox for X hours and send a report to admin@...".
I read about policyD (as seen in "Ratelimit Sending Messages using Policyd") but the results of that thread did not seem very promising.
Also, I'm technically not smart enough to feel confident setting this up, and my boss avoids any changes to the server like the plague unless I can show him concrete proof that it will be easy to do and work properly.
P.S. I also read a lot of replies to these threads that go along the lines of "seems like a user problem, you should educate your users". To those people I'd just like to ask one question: "Do you have parents or children, sir/ma'am?" You could spend all the known resources of mankind on user education and still make hardly any progress. The largest amount of our users are older folk that cannot even open their email if you move their email icon 32 pixels from its normal location.
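
As an added example (not part of the original post, and not Zimbra's or policyd's own code), the per-account, per-hour counting the question asks for can be done over Postfix's authenticated-submission log lines. The sample log, addresses and the limit of 20 are constructed, and the regular expression assumes the usual syslog-format `smtpd` line carrying `sasl_username=`.

```python
import re
from collections import defaultdict

# Postfix logs one such line per message accepted from an authenticated client.
LINE = re.compile(
    r"^(\w{3}\s+\d+\s+\d{2}):\d{2}:\d{2}\s+\S+\s+postfix/(?:\S+/)?smtpd\[\d+\]:\s+"
    r"[0-9A-F]+:\s+client=\S*\[([^\]]+)\],.*\bsasl_username=(\S+)"
)

def tally(lines):
    """Return {(user, hour): {"count": n, "ips": set}} for authenticated submissions."""
    stats = defaultdict(lambda: {"count": 0, "ips": set()})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an authenticated submission line
        hour = " ".join(m.group(1).split())  # "Mar  3 02" -> "Mar 3 02"
        entry = stats[(m.group(3).lower(), hour)]
        entry["count"] += 1
        entry["ips"].add(m.group(2))
    return stats

def over_limit(lines, per_hour):
    """Accounts whose submissions in any one hour exceed per_hour, busiest first."""
    hits = [(user, hour, s["count"], sorted(s["ips"]))
            for (user, hour), s in tally(lines).items() if s["count"] > per_hour]
    return sorted(hits, key=lambda h: -h[2])

def make_sample():
    """Constructed log: bob sends 2 messages, carol's account sends 40 in one hour."""
    fmt = ("Mar  3 {h:02d}:{m:02d}:00 mail postfix/smtpd[2101]: 4A1B2C{n:04X}: "
           "client=unknown[{ip}], sasl_method=LOGIN, sasl_username={u}")
    lines = [fmt.format(h=9, m=i, n=i, ip="198.51.100.20", u="bob@example.net")
             for i in range(2)]
    lines += [fmt.format(h=2, m=i, n=100 + i, ip="203.0.113.%d" % (i % 3 + 1),
                         u="carol@example.net") for i in range(40)]
    lines.append("Mar  3 02:05:00 mail postfix/qmgr[900]: 4A1B2C0064: removed")
    return lines

if __name__ == "__main__":
    for user, hour, count, ips in over_limit(make_sample(), per_hour=20):
        print(f"{user} sent {count} messages in hour '{hour}' from {ips}")
```

This counts messages submitted rather than recipients, and it only reports; locking the mailbox and mailing the admin would be separate steps driven by its output.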