How to detect compromised accounts?

[ChiquiFornari]

I've had an email server which had a script to inmediately alert administrator if a user sent more than X mails a day/hour.
That way it was easy to quickly detect if an account was compromised and used to send spam and have it dealt with before making a lot a damage.

I've investigated Mail Filter rules but I don't think it can do that, or at least I couldn't figure out how.

Is there anything to do this -or another way to detect compromised accounts- in PMG?

Thank you

 

[Stoiko Ivanov]

Currently there is no rate-limiting (or mail-counting) objects available in PMG - so this vector cannot be used.

Depending on your needs it can be enough to check the logs in a while - or have some monitoring script setup to watch the maillog for such behavior.

some users also setup postfwd for similar reasons (search the forum for postfwd)

I hope this helps!