Block *successful* SMTP authentications
Posted: 10 May 2016, 04:53
We occasionally see phished/hacked accounts sending spam via authenticated SMTP, and they typically come from a large number of different IPs.
I know we can block based on failed SMTP failed but I'd like to block *successful* SMTP authentications when they come from too many different IPs (or better yet, when they come from too many different countries).
Any way to do this currently?
I know we can block based on failed SMTP failed but I'd like to block *successful* SMTP authentications when they come from too many different IPs (or better yet, when they come from too many different countries).
Any way to do this currently?