I’ll try to explain myself better, let’s say that my NS is hacked and the attacker uses it to shoot spam emails all over the internet. To limit the damage I would like to set a limit on hourly sending regardless of the IP from which it comes.
In the meantime, I thank you.
fail2ban is very useful in case of attack attempts due to the blocking it applies, but it cannot do anything in case of theft of valid credentials.
For this reason I would like to limit the maximum number of messages that can be sent, for example, per hour
Best would be to monitor the Mail-Queue.
Limiting without real reason can also limit legit info mailing to clients (example).
Wheras, when a spammer strikes, the mail queue is always filled up. If it’s full, and you are not aware of a reason, it’s spam and can be emptied (mailqueue) and repaired / excluded whatever. Often this comes from compromised or to easy access credentials.
Zabbix, on NS8, would be a nice option for this…
Postfix also has limiting options…
See here for some ideas: